mobility and firewall

Dmitriy Kropivnitskiy nigde at mitechki.net
Fri Jun 3 12:09:18 CDT 2005


On Fri, 2005-06-03 at 11:43 +1200, Christoph Georgi wrote:

> Default Policy: DROP
> Allow only ESTABLISHED and RELATED for incoming traffic
> Allow outgoing connections only to port http, https, smtp, pop3, ...

I wouldn't restrict outgoing connections, since that would lead to way
too many dumb-user problems like
"I cannot use AIM!" "Why cannot I connect to IRC?" etc.

> Additionally you might want to specify the processes that are allowed to 
> connect to services.

What do you mean by this? If you mean something like "Only
mozilla-firefox can connect to port 80", it is rather difficult. The only
way I see to do something like this transparently is to use the netlink
interface of netfilter. Unfortunately it is a bit under-documented and I
am not sure how well it is supported.
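For reference, here is what the policy quoted above looks like as an iptables ruleset. This is an added example, not code from either poster: it uses the stateful `-m state` match of the 2.6-era kernels the thread is about, treats the quoted port list ("http, https, smtp, pop3, ...") as 80/443/25/110 plus UDP 53 for DNS (an assumption, since the list is elided), and puts the outbound restriction behind a `RESTRICT_OUTBOUND` switch so both positions in the thread can be loaded and compared. A final LOG rule records what the default DROP discards, which is the first thing to check when a user reports that AIM or IRC stopped working.

```shell
#!/bin/sh
# Added example (not from the original thread): iptables rules for the
# quoted policy. Default DROP, ESTABLISHED/RELATED allowed back in, and
# optionally outbound traffic limited to a fixed set of service ports.
# Without APPLY=1 the rules are only printed for review; with APPLY=1
# (as root) they are loaded.

# Assumed port list; the original message only says "http, https, smtp,
# pop3, ...". UDP 53 is added because nothing resolves without DNS.
OUT_TCP_PORTS="80 443 25 110"
OUT_UDP_PORTS="53"

# 1 = the quoted policy (restrict outbound), 0 = the reply's preference
# (leave outbound open, filter inbound only).
RESTRICT_OUTBOUND="${RESTRICT_OUTBOUND:-1}"

# Emit the ruleset as one iptables command per line.
build_rules() {
    echo "iptables -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Loopback must stay open or local daemons (resolver, X, CUPS) break.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies to connections this host opened, plus related traffic
    # such as FTP data channels and ICMP errors.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$RESTRICT_OUTBOUND" = "1" ]; then
        echo "iptables -P OUTPUT DROP"
        echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        for p in $OUT_TCP_PORTS; do
            echo "iptables -A OUTPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
        done
        for p in $OUT_UDP_PORTS; do
            echo "iptables -A OUTPUT -p udp --dport $p -m state --state NEW -j ACCEPT"
        done
        # Log what falls through to the OUTPUT DROP policy so a blocked
        # client can be traced to a port rather than guessed at.
        echo "iptables -A OUTPUT -j LOG --log-prefix 'FW-OUT-DROP: ' --log-level 4"
    else
        echo "iptables -P OUTPUT ACCEPT"
    fi
}

# Number of generated rules, handy as a sanity check before applying.
count_rules() {
    build_rules | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh -e
else
    build_rules
fi
```

The per-process filtering asked about in the quoted message is not expressible here; the closest thing iptables itself offers is the `owner` match (`-m owner --uid-owner <uid>` on the OUTPUT chain), which keys on the user a socket belongs to rather than on the program, so it only approximates "only this browser may reach port 80" when each application runs under its own account.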


