On 02/28/2018 04:22 PM, Taiidan@×××.com wrote:
> Is there a windows style application layer firewall?

I'm not aware of one.

I know that iptables can filter based on a process owner and cgroup.
So, depending on how the applications are running, you might be able to
come close to what you're after.

I think I've seen a few firewall packages / solutions over the years
that run a client on workstations that publish state on a central
firewall, which will then filter flows based on their (lack of)
registration state. - I've never messed with anything like this.

> I get that it doesn't stop truly malicious programs but I am simply
> wanting to stop random programs doing connections without my consent
> which due to the lennart potterings's of the world now are not just a
> windows freeware problem.

I think for now, you have to block everything by default and explicitly
allow what you want through. Or use something like a SOCKS server that
can do some different types of filtering than can be done with iptables.



--
Grant. . . .
unix || die
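
The default-deny approach described in the reply above, combined with the iptables owner and cgroup matches it mentions, as an added example that is not part of the original message: a shell function that emits an iptables-restore ruleset. The function name, the user name and the cgroup path in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset in which locally generated traffic is
# dropped by default and only the listed accounts (and, optionally, one
# cgroup) may open new connections.
# Assumes the xt_owner and xt_cgroup matches are available; "--path"
# needs cgroup v2.
#
# Dry-run the result (constructed names):
#   gen_egress_rules "alice" "user.slice/browser.scope" | iptables-restore --test
gen_egress_rules() {
    allowed_users=$1          # space-separated account names or numeric UIDs
    allowed_cgroup=${2:-}     # optional cgroup v2 path
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT DROP [0:0]'     # default-deny for everything this host sends
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets belonging to connections that an allow rule already admitted
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for u in $allowed_users; do
        case $u in
            *[!A-Za-z0-9_-]*)
                # Refuse anything that could smuggle extra rule text
                echo "skipping invalid user name: $u" >&2
                continue ;;
        esac
        echo "-A OUTPUT -m owner --uid-owner $u -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ -n "$allowed_cgroup" ]; then
        echo "-A OUTPUT -m cgroup --path $allowed_cgroup -m conntrack --ctstate NEW -j ACCEPT"
    fi
    # Record what falls through to the DROP policy, with the owning UID
    echo '-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-denied: " --log-uid'
    echo 'COMMIT'
}
```

A local caching resolver or proxy that runs under its own account has to be on the allow list as well. The UID field that --log-uid adds to each log line shows which account owned a denied packet.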