Date: Tue, 12 Sep 2000 17:23:48 +0300 (IDT)
From: Roman Shterenzon
To: mi@aldan.algebra.com
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: firewall rules for applications
In-Reply-To: <200009112201.SAA26880@misha.privatelabs.com>

Perhaps it's possible to some degree using a transparent proxy and simple
modifications to squid. (but then again, "UserAgent" could be fooled..)

On Mon, 11 Sep 2000 mi@aldan.algebra.com wrote:

> I wonder how feasible would it be to implement firewall rules
> that would take into consideration the program (on the local machine)
> sending/receiving the packets. I know, I can now base the rules on
> the user/group id, but I may want to go further.
>
> Identifying a program to the kernel may not be simple -- perhaps a
> regexp of the executable's name or an md5 of the /proc/file? Or the
> executable's (or script's) inode-filesystem?
>
> I just read a description of a Windows product, that attempts to fight
> software offered by sneaky vendors, that tries to contact the vendor
> over the Internet to send back user's data. The blocking software,
> supposedly, blocks applications from accessing certain sites. This is
> not an immediate problem for FreeBSD, but...
>
> Just a thought...
>
> -mi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message