| 1 |
On 02/28/2018 04:47 PM, Grant Taylor wrote: |
| 2 |
> I know that iptables can filter based on a process owner and cgroup. So, |
| 3 |
> depending on how the applications are running, you might be able to come |
| 4 |
> close to what you're after. |
| 5 |
|
| 6 |
You might be able to punt (metadata about) packets into a user space |
| 7 |
program that can then make decisions based on additional information. |
| 8 |
I.e. what process owns the originating / terminating socket, and ACCEPT |
| 9 |
/ DROP / REJECT packets based on that. |
| 10 |
|
| 11 |
I've never heard of such, but I see how it could work. E.g. DROP / |
| 12 |
REJECT packets by default, and ACCEPT any packets that have a paternal |
| 13 |
process tied to the /usr/bin/thunderbird file. |
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
-- |
| 18 |
Grant. . . . |
| 19 |
unix || die |
Archives