On Sunday 29 February 2004 12:26 pm, Moath A. Khalaf wrote:

> Hi,
>
> How can I filter using a port and allow some processes
> to pass this filter. For example, I want to add a rule
> that does not accept a connection on port 80 to any process
> other than Apache web server.

Is the Apache web server running on the machine with the filtering rules?

If so, then it will be the only process bound to port 80, and nothing else can receive packets to this port anyway. Therefore you have no problem.

If the web server is running on another machine and you are talking about a forwarding (routing) firewall, the only solution to your requirement is a proxy server such as Squid. Netfilter cannot tell what sort of traffic is going to port 80 - it operates at the network layer, not the application layer.

Regards,

Antony.

-- 
This is not a rehearsal. This is Real Life.

Please reply to the list;
please don't CC me.
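An added example, not part of the original message: one way to check the reply's premise on a Linux host is to list which sockets are actually listening on port 80, using the `/proc/net/tcp` table. The function name `listeners_on_port` and the sample table are constructed for illustration, and the sample assumes a little-endian (x86) host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a listener on 0.0.0.0:80, a listener on 127.0.0.1:631, and an established
# connection whose local port is 80.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15321 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 16012 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0050 6400000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 20544 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # state code the kernel prints for a listening socket


def listeners_on_port(table, port):
    """Return (address, uid, inode) for every LISTEN socket on `port`."""
    found = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        hex_addr, hex_port = fields[1].split(":")
        # Established connections also carry local port 80; only LISTEN counts.
        if int(fields[3], 16) != TCP_LISTEN or int(hex_port, 16) != port:
            continue
        # IPv4 addresses are printed as a native-endian 32-bit hex word
        # (little-endian assumed here, as on x86).
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        found.append((addr, int(fields[7]), int(fields[9])))
    return found


if __name__ == "__main__":
    for addr, uid, inode in listeners_on_port(SAMPLE, 80):
        print(f"port 80 listener: {addr} uid={uid} inode={inode}")
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; the inode can then be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to name the owning process.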