VPS firewall
- Thread starter ChatIndia
- Start date
pornophobic
Member
- Messages
- 32
- Reaction score
- 1
- Points
- 8
You won't find an answer to your question, sadly. That's just because there aren't many solutions to what you're looking for because there aren't many reasons to have it on Linux.
There are some options that I can think of:
1. Uninstall the application that is connecting to the internet when you don't want it to.
2. If you know the hostname(s) of where this application is trying to connect, enter those hostnames as 127.0.0.1 in your /etc/hosts
3. Enable SELinux and change the policy for the said application(s).
4. Use iptables to block connections on the protocol it is using (not a good idea if it is http or any other needed protocol) in a rule based on the user running the process. OR use netstat to find the ips your unwanted connections are going and block any outgoing connections to those IPs.
5. Grab the source for the 'offending' software and patch it
6. As lysharia mentioned, if you are using a control panel there may be some settings to do that sort of thing. I don't know of any control panels that do this, but it is possible.
6. Disconnect from the internet altogether.
But you won't have much luck in finding many people who know how to install any firewalls with application based rules because there really aren't any.
There are some options that I can think of:
1. Uninstall the application that is connecting to the internet when you don't want it to.
2. If you know the hostname(s) of where this application is trying to connect, enter those hostnames as 127.0.0.1 in your /etc/hosts
3. Enable SELinux and change the policy for the said application(s).
4. Use iptables to block connections on the protocol it is using (not a good idea if it is http or any other needed protocol) in a rule based on the user running the process. OR use netstat to find the ips your unwanted connections are going and block any outgoing connections to those IPs.
5. Grab the source for the 'offending' software and patch it
6. As lysharia mentioned, if you are using a control panel there may be some settings to do that sort of thing. I don't know of any control panels that do this, but it is possible.
6. Disconnect from the internet altogether.
But you won't have much luck in finding many people who know how to install any firewalls with application based rules because there really aren't any.
- Messages
- 6,084
- Reaction score
- 368
- Points
- 83
You could install CSF, as I think it's compatible with Ubuntu Server:
http://configserver.com/cp/csf.html
Once installed, in the configuration you can define which ports you want to whitelist.
http://configserver.com/cp/csf.html
Once installed, in the configuration you can define which ports you want to whitelist.
- Messages
- 2,928
- Reaction score
- 118
- Points
- 63
If the applications are running under their own users, you can direct outgoing packets from those uids to their own iptables chains where you can then apply different rulesets from your main OUTPUT chain.
for example, let's say you want to restrict www-data (which apache runs as) and postfix
for example, let's say you want to restrict www-data (which apache runs as) and postfix
Code:
(you'll need to either prefix all of these with "sudo" or run as root)
iptables -N APACHE
iptables -N POSTFIX
iptables -A OUTPUT -m owner --uid-owner www-data -j APACHE
iptables -A OUTPUT -m owner --uid-owner postfix -j POSTFIX
# allow apache to connect outbound on ports 80 (tcp), 443 (tcp), and 53 (udp) but no others
iptables -A APACHE -p tcp --dport 80 -j ACCEPT
iptables -A APACHE -p tcp --dport 443 -j ACCEPT
iptables -A APACHE -p udp --dport 53 -j ACCEPT
iptables -A APACHE -j DROP
# allow postfix to connect out on 25 (tcp)
iptables -A POSTFIX -p tcp --dport 25 -j ACCEPT
iptables -A POSTFIX -j DROP