firewall?

cafte pls neviete o niecom ako jednoduchy firewall pre linux?
ide mi v podstate o to aby som videl ake data mi idu cez siet a tie povoloval resp. zakazoval, pretoze som zistil ze v poslednom case mi nejake taketo data idu o ktorych ja nic neviem , zistil som to cez ethereal, diki moc

no v linuxe je najrozsirenejsim fw asi iptables
ja pouzivam na freebsd pf (packet filter), mal by byt preportovany aj na linux

ok a ako tym iptables povolim pripajanie sa k internetu iba FF, opere, kopete , centericq, irssi, .......

teda vybranym programom?

IPTABLES takto nefungju, mozes tam robit iba pravidla na interface, ip adresy, ip rozsahy, porty a protokoly.
Nie je to aplikacny firewall !!! Je to packet/statefull filter
V tvojom pripade mozes povoli akurat port 80 co je http, a tym padom vsetko co bude chciet ist cez 80 bude povolene nezaujma ho aky je to program...
Inak IPTABLES sa pouziva ako gateway firewall nie personall firewall, ako personal firewall si zozen nieco ine...

nj dik p2p , len prave by som potreboval radu co, nieco take jednocuhe, len zabranit programom sa pripajat

aha, ja som to myslel tak ze by si to dal na gateway..
hm, iny schopny firewall som na linuxe nevidel..
btw, daj priklad nejakych dat ktore si myslis ze by nemali co robit na sieti a ako mas spravenu siet

no tak napriklad tieto data by tam nemali co robit,

// poslal by som vam ich aj v normal. subore ale nejako "nemam prava na ulozenie" aj ked spustim program pod rootom tak newim

a co sa ti enzda? ja tam vidim iba nejake dns query a http traffic

no ze pred tym tam neboli, ako mal by som to v podstate v <> kebyze nemam obmedzeny internet a tieto packety sa odosielaju akosi casto takze v poslednom case ani niesom a nete a cely moj mesacny traffic mam v pazi, len neviem preco sa zraazu spustili a preco

skus vypnut vsetky programi co vyuzivaju http protokol (browser, etc.)

ja pouzivam firehol...jednoducho sa nastavuje(ale pokial viem tak nema gui,proste iba konfigurak)

man iptables
.
.
.

owner
This module attempts to match various characteristics of the packet creator, for locally-generated packets.
It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no
owner, and hence never match.

--uid-owner userid
Matches if the packet was created by a process with the given effective user id.

--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.

--pid-owner processid
Matches if the packet was created by a process with the given process id.

(Please note: This option requires kernel support that might not be available in official Linux ker-
nel sources or Debian's packaged Linux kernel sources. And if support for this option is available
for the specific Linux kernel source version, that support might not be enabled in the current Linux
kernel binary.)

--sid-owner sessionid
Matches if the packet was created by a process in the given session group.

(Please note: This option requires kernel support that might not be available in official Linux ker-
nel sources or Debian's packaged Linux kernel sources. And if support for this option is available
for the specific Linux kernel source version, that support might not be enabled in the current Linux
kernel binary.)

--cmd-owner name
Matches if the packet was created by a process with the given command name.

(Please note: This option requires kernel support that might not be available in official Linux ker-
nel sources or Debian's packaged Linux kernel sources. And if support for this option is available
for the specific Linux kernel source version, that support might not be enabled in the current Linux
kernel binary.)

NOTE: pid, sid and command matching are broken on SMP
.
.
.

To: superlamer

To je dobre co si sem dal, som nevedel, ze to vie aj taketo veci .... resp. som to nikdy nepotreboval, mozno sa to zide niekedy.
NICE POST THNX