netdev.vger.kernel.org archive mirror
* Netfilter lacks ability to filter packets via Application-origin
       [not found] <COL002-W8067088C0C0B4682A10A0F39B0@phx.gbl>
@ 2012-09-27 21:04 ` Chad Gray
  2012-09-27 22:25   ` richard -rw- weinberger
  2012-09-27 23:36   ` Ben Hutchings
  0 siblings, 2 replies; 7+ messages in thread
From: Chad Gray @ 2012-09-27 21:04 UTC (permalink / raw)
  To: netdev

Users need the ability for Linux firewall to filter packets based on what 
Application they are originating from. This ability is present in Mac and 
Windows firewalls, but not Linux. 
 
For example, users would like ability to open Port 80 for Firefox, but keep 
Port 80 closed for other applications. 
 
This ability enhances Privacy & Security of the user but also helps to better 
inform the user about the comings and goings of internet traffic and what 
application/s are causing the traffic. 

https://bugzilla.kernel.org/show_bug.cgi?id=47531


* Re: Netfilter lacks ability to filter packets via Application-origin
  2012-09-27 21:04 ` Netfilter lacks ability to filter packets via Application-origin Chad Gray
@ 2012-09-27 22:25   ` richard -rw- weinberger
  2012-09-27 23:36   ` Ben Hutchings
  1 sibling, 0 replies; 7+ messages in thread
From: richard -rw- weinberger @ 2012-09-27 22:25 UTC (permalink / raw)
  To: Chad Gray; +Cc: netdev

On Thu, Sep 27, 2012 at 11:04 PM, Chad Gray <chad938@hotmail.com> wrote:
> Users need the ability for Linux firewall to filter packets based on what
> Application they are originating from. This ability is present in Mac and
> Windows firewalls, but not Linux.
>
> For example, users would like ability to open Port 80 for Firefox, but keep
> Port 80 closed for other applications.

You can implement such filters using LSM like SELinux.

> This ability enhances Privacy & Security of the user but also helps to better
> inform the user about the comings and goings of internet traffic and what
> application/s are causing the traffic.

I seriously doubt that.

-- 
Thanks,
//richard


* Re: Netfilter lacks ability to filter packets via Application-origin
  2012-09-27 21:04 ` Netfilter lacks ability to filter packets via Application-origin Chad Gray
  2012-09-27 22:25   ` richard -rw- weinberger
@ 2012-09-27 23:36   ` Ben Hutchings
  1 sibling, 0 replies; 7+ messages in thread
From: Ben Hutchings @ 2012-09-27 23:36 UTC (permalink / raw)
  To: Chad Gray; +Cc: netdev

On Thu, 2012-09-27 at 17:04 -0400, Chad Gray wrote:
> Users need the ability for Linux firewall to filter packets based on what 
> Application they are originating from. This ability is present in Mac and 
> Windows firewalls, but not Linux. 
[...]

So you have said before.  But you have been given some suggestions of
facilities that are available to do this, so you should either go ahead
and use them or else explain why they are insufficient or unsuitable.
In any case, please stop repeating yourself.

Ben.

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.


* RE: Netfilter lacks ability to filter packets via Application-origin
@ 2012-09-21 16:39 Chad Gray
  0 siblings, 0 replies; 7+ messages in thread
From: Chad Gray @ 2012-09-21 16:39 UTC (permalink / raw)
  To: netdev

No firewall appears to exist for Linux that can filter packets based on application. Mac and Windows both offer these firewalls. Why can't Linux add this capability to its firewalls? It is a very powerful privacy & security & awareness tool for the user. 

Every attempt I've made to get this capability added to Distributions, firewall makers, etc has resulted in their telling me the Kernel does not support this capability and that is why Linux can't do this and won't be able to do this until the Kernel supports it.


* Re: Netfilter lacks ability to filter packets via Application-origin
  2012-09-19 20:24 ` Ben Hutchings
@ 2012-09-19 20:50   ` John Fastabend
  0 siblings, 0 replies; 7+ messages in thread
From: John Fastabend @ 2012-09-19 20:50 UTC (permalink / raw)
  To: Chad Gray; +Cc: Ben Hutchings, netdev

On 9/19/2012 1:24 PM, Ben Hutchings wrote:
> On Wed, 2012-09-19 at 15:40 -0400, Chad Gray wrote:
>> Users need the ability for Linux firewall to filter packets based on what
>> Application they are originating from. This ability is present in Mac and
>> Windows firewalls, but not Linux.
>>
>> For example, users would like ability to open Port 80 for Firefox, but keep
>> Port 80 closed for other applications.
>>
>> This ability enhances Privacy & Security of the user but also helps to better
>> inform the user about the comings and goings of internet traffic and what
>> application/s are causing the traffic.
>
> Most of the Linux Security Modules seem to support this sort of network
> policy.
>
> Ben.
>

Another approach might be to use the net_cls cgroups and set the
classid matching against it with tc or netfilters.

.John
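
[Added example, not part of any message in this thread: one way to apply the
net_cls approach described above, using the netfilter side of it. It assumes a
cgroup v1 net_cls hierarchy mounted at /sys/fs/cgroup/net_cls and an iptables
build that has the "cgroup" match; the cgroup name "browser", class 10:1 and
the command "firefox" are made up for illustration.]

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: net_cls mounted at CG_ROOT,
# iptables "cgroup" match available, names/classes below are illustrative.
CG_ROOT=${CG_ROOT:-/sys/fs/cgroup/net_cls}

# Convert a tc handle "major:minor" (hex digits, 16 bits each) into the
# 0xAAAABBBB value that net_cls.classid expects, e.g. 10:1 -> 0x00100001.
classid() {
    case $1 in
        *[!0-9a-fA-F:]*|*:*:*|:*|*:|'') return 1 ;;   # bad chars / empty part
        ?????*:*|*:?????*) return 1 ;;                 # more than 16 bits
        *:*) ;;
        *) return 1 ;;                                 # no colon at all
    esac
    printf '0x%04x%04x\n' "0x${1%%:*}" "0x${1##*:}"
}

# Print the commands that tag one application's sockets with a class id and
# open a TCP port only for traffic carrying that class id.
# usage: plan <cgroup-name> <major:minor> <port> <command>
plan() {
    id=$(classid "$2") || { echo "bad class handle: $2" >&2; return 1; }
    cat <<EOF
mkdir -p $CG_ROOT/$1
echo $id > $CG_ROOT/$1/net_cls.classid
iptables -A OUTPUT -p tcp --dport $3 -m cgroup --cgroup $id -j ACCEPT
iptables -A OUTPUT -p tcp --dport $3 -j REJECT
sh -c 'echo \$\$ > $CG_ROOT/$1/tasks && exec $4'
EOF
}

# Dry run by default: only show the plan. APPLY=1 (as root) executes it.
if [ "${APPLY:-0}" = 1 ]; then
    plan browser 10:1 80 firefox | sh -e
else
    plan browser 10:1 80 firefox
fi
```

[The match is on cgroup membership, not on the identity of the binary: every
process started inside the cgroup inherits the class id, so who may write to
the cgroup's tasks file is part of the policy.]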


* Re: Netfilter lacks ability to filter packets via Application-origin
  2012-09-19 19:40 Chad Gray
@ 2012-09-19 20:24 ` Ben Hutchings
  2012-09-19 20:50   ` John Fastabend
  0 siblings, 1 reply; 7+ messages in thread
From: Ben Hutchings @ 2012-09-19 20:24 UTC (permalink / raw)
  To: Chad Gray; +Cc: netdev

On Wed, 2012-09-19 at 15:40 -0400, Chad Gray wrote:
> Users need the ability for Linux firewall to filter packets based on what
> Application they are originating from. This ability is present in Mac and
> Windows firewalls, but not Linux.
> 
> For example, users would like ability to open Port 80 for Firefox, but keep
> Port 80 closed for other applications.
> 
> This ability enhances Privacy & Security of the user but also helps to better
> inform the user about the comings and goings of internet traffic and what
> application/s are causing the traffic.

Most of the Linux Security Modules seem to support this sort of network
policy.

Ben.

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.


* Netfilter lacks ability to filter packets via Application-origin
@ 2012-09-19 19:40 Chad Gray
  2012-09-19 20:24 ` Ben Hutchings
  0 siblings, 1 reply; 7+ messages in thread
From: Chad Gray @ 2012-09-19 19:40 UTC (permalink / raw)
  To: netdev

Users need the ability for Linux firewall to filter packets based on what
Application they are originating from. This ability is present in Mac and
Windows firewalls, but not Linux.

For example, users would like ability to open Port 80 for Firefox, but keep
Port 80 closed for other applications.

This ability enhances Privacy & Security of the user but also helps to better
inform the user about the comings and goings of internet traffic and what
application/s are causing the traffic.

https://bugzilla.kernel.org/show_bug.cgi?id=47531
