Date: Mon, 11 Sep 2000 18:46:44 -0400 (EDT)
From: mi@aldan.algebra.com
To: Bill Moran <wmoran@columbus.rr.com>
Cc: stable@freebsd.org
Subject: Re: firewall rules for applications
Message-ID: <200009112246.SAA27038@misha.privatelabs.com>
In-Reply-To: <39BD5D43.9231594B@columbus.rr.com>

On 11 Sep, Bill Moran wrote:
= mi@aldan.algebra.com wrote:
= >
= > I wonder how feasible would it be to implement firewall rules that
= > would take into consideration the program (on the local machine)
= > sending/receiving the packets. I know, I can now base the rules on
= > the user/group id, but I may want to go further.
=
= Technically, this is what ports are for. Port 80 is for http, 23 for
= telnet, etc. In a better world, this would be all that's needed. But
= ...

Mmm, yes, but I may wish to block Communicator from reaching something,
that Lynx or Konqueror users are allowed to reach. Like "Smart
Browsing".

= > I just read a description of a Windows product, that attempts to
= > fight software offered by sneaky vendors, that tries to contact the
= > vendor over the Internet to send back user's data. The blocking
= > software, supposedly, blocks applications from accessing certain
= > sites. This is not an immediate problem for FreeBSD, but...
=
= Why not prevent the user from installing the trojan to begin with
= (that's basically what that is)

Because, there may be a legitimate need for the software. Like
Communicator, for example, or Doom/Quake :)

= The best security will always be trained individuals who are paranoid.

That's correct. And I'm trying to be one of those and think ahead to
see the time when giant software packages will be available to me on
FreeBSD, but I'll want to limit their network access.

	-mi