Right now there’s no way to stop a single program from having network access, and outbound firewall rules are basically useless.
The fact is that if I open literally any single (outbound) port on my system, an attacker can use it. Whether I have 1 port open or 1,000, if they’re on my system they’ll have access to it.
What I want is a way to give applications network access on a per-application basis, not on a per-port basis. I’d love a simple firewall that just says “X application can bind X port” instead of “Only allow UDP out of X port.”
Without an application firewall, an outbound firewall is only going to prevent automated attacks.
I still don’t like outbound Firewalls but at least make a useful one.
The network rules in AppArmor are really terrible too. I want to be able to restrict everything with AppArmor. Chrome only needs to use very specific protocols – I want to blacklist the rest. Same goes for xchat and Pidgin. This would prevent actual attacks like NAT Pinning.
Someone get on this.
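As an added illustration (not from the original post) of what the AppArmor network rule language can and cannot express for a program like Pidgin, here is a constructed profile fragment; the binary path and the included abstractions are assumptions, and the file-access rules a real profile needs are left out.

```apparmor
# Constructed example profile for Pidgin (binary path is an assumption).
#include <tunables/global>

/usr/bin/pidgin {
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Allow TCP (stream) and UDP (dgram) over IPv4/IPv6: chat protocols
  # run over TCP, and DNS resolution needs UDP.
  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,

  # Explicitly deny raw sockets in the inet families plus whole address
  # families the program has no business using. AppArmor is default-deny,
  # but an explicit deny also overrides any allow rule pulled in from an
  # included abstraction, and 'audit' makes each violation visible in the
  # kernel log for detection.
  audit deny network inet raw,
  audit deny network inet6 raw,
  audit deny network packet,
  audit deny network bluetooth,

  # What this syntax cannot say: "TCP only to port 6667" or "only to these
  # hosts". Classic network rules mediate by address family, socket type
  # and protocol; per-port or per-address mediation depends on the
  # AppArmor version in use.
}
```

Load it with `apparmor_parser -r <file>`; blocked socket creation then appears in the kernel log as apparmor="DENIED" entries naming the address family and socket type.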