Date: Tue, 12 Sep 2000 17:23:48 +0300 (IDT) From: Roman Shterenzon <roman@harmonic.co.il> To: mi@aldan.algebra.com Cc: freebsd-stable@FreeBSD.ORG Subject: Re: firewall rules for applications Message-ID: <Pine.LNX.4.10.10009121722420.27569-100000@shark.harmonic.co.il> In-Reply-To: <200009112201.SAA26880@misha.privatelabs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Perhaps it's possible to some degree using a transparent proxy and simple modifications to squid. (but then again, "UserAgent" could be fooled..) On Mon, 11 Sep 2000 mi@aldan.algebra.com wrote: > I wonder how feasible would it be to implement firewall rules > that would take into consideration the program (on the local machine) > sending/receiving the packets. I know, I can now base the rules on > the user/group id, but I may want to go further. > > Identifying a program to the kernel may not be simple -- perhaps a > regexp of the executable's name or an md5 of the /proc/file? Or the > executable's (or script's) inode-filesystem? > > I just read a description of a Windows product, that attempts to fight > software offered by sneaky vendors, that tries to contact the vendor > over the Internet to send back user's data. The blocking software, > supposedly, blocks applications from accessing certain sites. This is > not an immediate problem for FreeBSD, but... > > Just a thought... > > -mi > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10009121722420.27569-100000>