On Fri, Oct 27, 2006 at 12:37:00PM +0200, Gabor Szokoli wrote:
> On 10/27/06, Gáspár Lajos <swifty@xxxxxxxxxxx> wrote:
> >BUT if I did not understand you correctly then please send me an exact
> >question...
>
> I might be able to mediate before this escalates...
> I think vwf assumes the firewall is on the same host as the
> applications, no forwarding takes place.
> In this case it is not an unreasonable expectation to be able to write
> iptables rules matching the name of the executable whose process
> instance owns the socket: so-called "personal firewall" applications
> on some other operating system do this all the time.
>
> Google-lee-goo:
> http://www.netfilter.org/projects/patch-o-matic/pom-submitted.html#pom-submitted-ownercmd

Thank you. Your assumptions are right. I filter on application on the workstation, and on port/destination on the router.
Iptables lost --cmd-owner, so new kernels were pretty useless to me, but they seem to be reintroduced for ip6tables.
Is there a "howto" to rewrite an iptables firewall ruleset to ip6tables (or a good introduction for ip6tables)?
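As an added illustration of the ruleset-rewrite question (this is example code, not from the thread or from the netfilter project), the POSIX shell below does the mechanical part of turning a list of iptables commands into ip6tables commands and flags what cannot be converted blindly: owner matching by UID or GID (`-m owner --uid-owner` / `--gid-owner`) carries over unchanged, while rules that depend on the removed `--cmd-owner`, `--pid-owner` or `--sid-owner` options are left unconverted for redesign, ICMP rules are rewritten to ICMPv6, and IPv4 address literals are marked for manual replacement. It assumes one full `iptables ...` command per line; the sample ruleset at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the thread's or netfilter's code): a first-pass
# iptables -> ip6tables rewriter that converts what is mechanical and
# flags what needs a human decision.

# Translate a single rule. Prints the ip6tables command and returns 0,
# or prints a commented explanation and returns non-zero when the rule
# cannot be converted as-is.
ip4_to_ip6_rule() {
    rule=$1
    case $rule in
        *--cmd-owner*|*--pid-owner*|*--sid-owner*)
            # These owner-match options were dropped from iptables and have
            # no drop-in replacement; such rules must be re-expressed (e.g.
            # per UID via --uid-owner) rather than silently carried over.
            printf '# UNCONVERTED (owner option no longer available): %s\n' "$rule"
            return 1 ;;
        *" -t nat "*)
            # Kernels of this era had no IPv6 NAT table; flag for review.
            printf '# UNCONVERTED (nat table not available for IPv6): %s\n' "$rule"
            return 1 ;;
    esac
    out=$(printf '%s\n' "$rule" | sed \
        -e 's/^iptables/ip6tables/' \
        -e 's/-p icmp /-p ipv6-icmp /' \
        -e 's/-p icmp$/-p ipv6-icmp/' \
        -e 's/--icmp-type /--icmpv6-type /')
    case $out in
        *[0-9].[0-9]*.[0-9]*.[0-9]*)
            # An IPv4 literal (address or prefix) has no mechanical IPv6
            # counterpart; emit the rest of the rule but mark it.
            printf '# NEEDS IPv6 ADDRESS: %s\n' "$out"
            return 2 ;;
    esac
    printf '%s\n' "$out"
    return 0
}

# Translate a whole ruleset read from stdin; blank lines and comments
# are passed through untouched. Always returns 0 so it can drive a loop.
translate_ruleset() {
    while IFS= read -r line; do
        case $line in
            ''|'#'*) printf '%s\n' "$line" ;;
            *) ip4_to_ip6_rule "$line" || : ;;
        esac
    done
    return 0
}

# Constructed sample ruleset for the demonstration (workstation policy by UID,
# one legacy --cmd-owner rule, an ICMP rule and an IPv4 network literal).
translate_ruleset <<'EOF'
# workstation: per-application policy expressed by UID
iptables -A OUTPUT -m owner --uid-owner 1000 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -m owner --cmd-owner firefox -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -P OUTPUT DROP
EOF
```

Run it as `sh rewrite.sh < ipv4-rules.txt > ipv6-rules.txt` and then review every `# UNCONVERTED` and `# NEEDS IPv6 ADDRESS` line by hand; the point of flagging rather than guessing is that a silently dropped or mistranslated rule in a default-deny OUTPUT policy is exactly the kind of gap that goes unnoticed until traffic you meant to block gets through.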