[Fwbuilder-discussion] Re: firewall with user interaction/netlink support
From: Stefan S. <sst...@sy...> - 2004-12-06 11:11:48
I just posted these messages you might be interested in to a kde mailing list.
please answer personally since I'm not on this mailing list.

>
> Stefan Strasser wrote:
>
>> I hope I'm posting this to the right newsgroup.
>>
>> I wonder if there's any interest in implementing a kde application
>> which uses the netfilter support for user interaction, a "personal
>> firewall" for which you don't have to necessarily set up rules but
>> you are asked when an application is trying to access the net.
>> this especially enables you to allow access for one application (e.g.
>> firefox) but disallow for another (e.g. a proprietary application
>> trying to call home), which isn't that easy with normal netfilter
>> rules (only way I can think of is introducing a unix group which is
>> allowed to access the net. which causes problems for some applications).
>> have a look at sygate personal firewall for windows to see what I mean.
>>
>> so, I don't have time to learn kde/qt gui programming but I could do
>> the network/daemon stuff.
>> maybe it's best to add this feature to an existing firewall app like
>> knetfilter so you can combine rules with user interaction.
>> (unfortunately I couldn't look at knetfilter since it claims my
>> kernel (2.6.8) doesn't support netfilter but it does)
>>
>> send me an email if you're interested in that kind of application,
>> even if you don't have the time or knowledge to help implementing it.
>>
>
> (...)
>
> > you're right, but the kernel already has support for this.
> > there is a special iptables target called QUEUE which lets a userspace
> > application decide if the packet is to be rejected or accepted.
> > among other information you can get the pid of the sending process and
> > the IP packet itself (destination, port etc) to do this.
> > but up to now there is no userspace application for this I'm aware of.
> >
> > -- Stefan Strasser
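
The decision step such a userspace daemon would run on each packet handed over by the QUEUE target, as an added example that is not part of the original message or of any existing project. The verdict names, the `rule` table and the `decide` function are hypothetical, the kernel hand-off itself is left out, and the lookup here is by destination address and port only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical verdicts; a real daemon maps these onto what it returns to the kernel. */
enum verdict { VERDICT_DROP = 0, VERDICT_ACCEPT = 1, VERDICT_ASK_USER = 2 };

/* Hypothetical policy entry: a destination the user has already answered for. */
struct rule { uint32_t dst; uint16_t dport; enum verdict v; };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Decide on one queued IPv4 packet. Malformed or truncated input is dropped
   (fail closed); anything without a matching rule goes to the user prompt. */
enum verdict decide(const uint8_t *pkt, size_t len,
                    const struct rule *rules, size_t nrules)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return VERDICT_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* header length in bytes */
    if (ihl < 20 || len < ihl + 4) return VERDICT_DROP;
    if (pkt[9] != 6 && pkt[9] != 17) return VERDICT_ASK_USER;   /* not TCP/UDP */
    if (be16(pkt + 6) & 0x1fff) return VERDICT_ASK_USER; /* later fragment: no ports */
    uint32_t dst = be32(pkt + 16);
    uint16_t dport = be16(pkt + ihl + 2);
    for (size_t i = 0; i < nrules; i++)
        if (rules[i].dst == dst && rules[i].dport == dport) return rules[i].v;
    return VERDICT_ASK_USER;
}

/* Constructed sample: first 28 bytes of an IPv4/TCP packet,
   10.0.0.5:50000 -> 192.0.2.10:443. */
static const uint8_t SAMPLE[] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    10, 0, 0, 5, 192, 0, 2, 10,
    0xc3, 0x50, 0x01, 0xbb, 0, 0, 0, 0 };

int main(void)
{
    const struct rule rules[] = { { 0xC000020Au, 443, VERDICT_ACCEPT } };
    printf("known destination: %d\n", decide(SAMPLE, sizeof SAMPLE, rules, 1));
    printf("no rule yet:       %d\n", decide(SAMPLE, sizeof SAMPLE, rules, 0));
    return 0;
}
```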