Re: TuxGuardian - application based firewall
Originally Posted by scruffyeagle
First, iptables is not now, nor has it EVER been, an application firewall. If you want application based firewalling and containment you need to check out things like SELinux or AppArmor; many applications have their own application (for instance mod-security for Apache).
As far as applications becoming a server or creating connections -- there are methods around this without reinventing the wheel. Iptables can and does provide the functionality to prevent this. Granted -- this is not in the default UFW configuration; that does not mean it does not exist.
For Windows mindset I think that might be the case here: it seems like you are looking for something like ZoneAlarm to pop up a warning that something is trying to access the network. While there may be front ends for this, Linux largely assumes you know what you are doing -- and most Linux users find functionality like this inconvenient, to say the least.
When it comes to PIDs and connection tracking, again the functionality is there (not in default configuration), and in my opinion, regardless of the platform and regardless of the method of controlling it, application inventories have ALWAYS been a personal responsibility. While creating an application to automate this task might be beneficial to some, I doubt it. The reason being, most users who would need something like this are "clickers": they click yes to everything, with the hopes that whatever task they are trying to complete is successful.
Bottom line, I think there is quite enough of this functionality for users who really want it. While it is there, it remains unintrusive for those who do not wish to deal with an operating system that looks and feels like Windows.
As far as writing your own functionality -- if you want a niche application request filled you may have to pony up and write it for yourself. When writing something like an operating system you have a very wide and diverse range of needs and wants. You can't meet them all. So it's not unreasonable to say, if you want something that the majority doesn't want, go ahead and learn C and create it.
Last edited by Dangertux; August 25th, 2011 at 05:20 PM.