Allowing connect to all except one IP?

PostPosted: Tue Jul 13, 2004 3:27 am
by man4atl
How do I forbid a process from connecting to a particular IP, that is, allow it to connect to all IPs except one? For example,
/usr/local/bin/RealPlayer
{
...
connect ! ads.real.com
connect ! update.real.com
}

Such syntax does not seem to work.

Thanks.

Sincerely,
Peter

PostPosted: Tue Jul 13, 2004 8:32 am
by spender
It's something I have planned to do after the grsecurity2 documentation is done.

-Brad

PostPosted: Tue Jul 13, 2004 3:23 pm
by man4atl
Thanks. It would be very useful.
But more generally, if ACLs could include iptables commands or something like that, to apply iptables rules on a per-process basis, it would be even more powerful.

Peter

PostPosted: Tue Jul 13, 2004 3:34 pm
by spender
There is already an iptables module that can do that. It's called "owner". You can select it in the default kernel's configuration.

-Brad
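Brad's pointer to the owner match, turned into the rule set Peter asked for, as an added example that is not from this thread or from grsecurity. It assumes the player runs as a dedicated account named "realplayer" and uses the two hostnames from the first post; the match works by socket UID/GID, not by executable path.

```shell
#!/bin/sh
# Added example, not code from this thread or from grsecurity: the per-process
# egress deny Peter asked for, built on the iptables "owner" match Brad mentions.
# The match lives in the OUTPUT chain and selects packets by the UID/GID of the
# socket owner, not by executable path, so the application has to run as a
# dedicated account. The user name "realplayer" is an assumption; the two
# hostnames are the ones from the first post.

# Print one REJECT per denied destination for the given user, then an ACCEPT
# so the rest of that user's traffic still passes if the OUTPUT policy is DROP.
# Order matters: iptables stops at the first matching rule.
owner_deny_rules() {
    user="$1"; shift
    for host in "$@"; do
        printf 'iptables -A OUTPUT -m owner --uid-owner %s -d %s -j REJECT\n' \
            "$user" "$host"
    done
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j ACCEPT\n' "$user"
}

# Number of REJECT rules in a generated rule set (sanity check before applying).
deny_count() {
    owner_deny_rules "$@" | grep -c -- '-j REJECT'
}

# With DRY_RUN set the commands are only printed; otherwise they are executed,
# which needs root and a kernel with the owner match enabled. A hostname is
# resolved once, when the rule is inserted, so a destination whose address
# changes needs the rule re-added (or an IP literal instead).
apply_owner_rules() {
    if [ -n "${DRY_RUN:-}" ]; then
        owner_deny_rules "$@"
    else
        owner_deny_rules "$@" | sh -e
    fi
}

DRY_RUN=1 apply_owner_rules realplayer ads.real.com update.real.com
```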