On Thu 26/06/2003 at 10:03, Liber ChrXtien wrote:
> I've a LAN at home with mdk as server and win and mdk on the clients
> My question is : is there a way to block certain applications, such as specific
> software (office suite for example), from accessing the internet with iptables?
> How to identify the packets emitted from such applications and block them ?

If you've planned to do this remotely, I mean on a dedicated firewall, such as your network gateway, you can't, as Netfilter is a packet filter. Thus, you can say "allow TCP/80 as destination", but cannot force HTTP usage through this port. To filter application protocols, you'll have to use an application proxy (e.g. HTTP proxy). Even then, distinguishing IE on Win, Word on Win or Mozilla on Win or Linux will be difficult if they all use HTTP. You can only rely on related HTTP fields that can be changed/forged.

If you've planned to do this locally, I mean using Netfilter on the GNU/Linux clients, then you can use owner match which provides a command line match (-m owner --owner-cmd $CMD). Although it is not as strict as expected (you can use a well named symlink to gain access through an authorized command), it allows some kind of valuable "personal firewall like" filtering.

For Win clients, use a personal firewall, such as Kerio or Outpost. But this part is off-topic ;)

--
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
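As an added illustration of the local owner-match approach (this script is not part of the reply above and is not from the netfilter project), here is a per-application egress policy for a GNU/Linux client. The command-name match discussed in the thread (`--cmd-owner`, together with `--pid-owner` and `--sid-owner`) was removed from the kernel in 2.6.14, so current kernels only offer `--uid-owner` and `--gid-owner`; the script therefore keys on a dedicated group instead of a binary name. The group name `webusers`, the chain name `OUT_APPS` and the `IPT` dry-run variable are assumptions of this example. The same limitation the reply points out still applies in a different form: the match sees process credentials, not the executable, so anything the user starts under that group gets through, and owner match only works in the OUTPUT chain of the host itself, never on a gateway.

```shell
#!/bin/sh
# Added example (not from the original post): restrict outbound web access on a
# Linux client to processes running under one group, using Netfilter's owner
# match. Assumed names: group "webusers", chain "OUT_APPS".

ALLOWED_GROUP="${ALLOWED_GROUP:-webusers}"
CHAIN="${CHAIN:-OUT_APPS}"
IPT="${IPT:-iptables}"      # set IPT=echo for a dry run that only prints rules

# Emit the rule list, one rule per line, without touching the live ruleset.
# Generation is kept separate from execution so the exact rules can be
# reviewed (or asserted on) before they are applied to a host.
build_owner_rules() {
    group="$1"
    chain="$2"
    cat <<EOF
-N $chain
-A OUTPUT -p tcp -m multiport --dports 80,443 -j $chain
-A $chain -m owner --gid-owner $group -j ACCEPT
-A $chain -j LOG --log-prefix APP-EGRESS-DENY: --log-level 4
-A $chain -j REJECT --reject-with tcp-reset
EOF
}

# Feed each generated rule to iptables (or to whatever $IPT names).
# The owner match only applies to locally generated packets, which is why
# the jump is taken from OUTPUT and not from FORWARD.
apply_owner_rules() {
    build_owner_rules "$1" "$2" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended here
        $IPT $rule
    done
}

# Only apply when explicitly asked, so sourcing or reading the script is safe.
if [ "${1:-}" = "--apply" ]; then
    apply_owner_rules "$ALLOWED_GROUP" "$CHAIN"
fi
```

To use it, create the group (`groupadd webusers`), run the script once as root with `--apply`, and start the permitted application with that group in its credentials, for example `sg webusers -c firefox`; everything else on the host that tries TCP/80 or TCP/443 gets a logged reset. Denied attempts show up in the kernel log with the `APP-EGRESS-DENY:` prefix, which is the detection signal a local policy like this gives you.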