Linux Needs An Application Firewall And AppArmor Needs Network Rules

Right now there’s no way to stop a program from having network access, and outbound firewall rules are basically useless.

The fact is that if I open literally any single (outbound) port on my system, an attacker can use it. Whether I have 1 port open or 1,000, if they’re already on my system they’ll have access to it.

What I want is a way to give applications network access on a per-application basis, not on a per-port basis. I’d love a simple firewall that just says “X application can bind X port” instead of “Only allow UDP out of X port.”

Without an application firewall, an outbound firewall is only going to prevent automated attacks.

I still don’t like outbound firewalls, but at least make a useful one.

The network rules in AppArmor are really terrible too. I want to be able to restrict everything with AppArmor. Chrome only needs to use a few very specific protocols – I want to blacklist the rest. The same goes for XChat and Pidgin. This would prevent actual attacks like NAT Pinning.

Someone get on this.
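As an added illustration of what the existing AppArmor network rules can and cannot express (this is not the original post’s code and not a profile shipped by any project), here is a profile for a hypothetical chat client at `/usr/bin/example-chat` that may only open IPv4/IPv6 TCP and UDP sockets. The path, the config directory and the client itself are assumptions for the example.

```apparmor
# Added example, not from the original post: confine a hypothetical
# /usr/bin/example-chat to IPv4/IPv6 TCP and UDP sockets only.
#include <tunables/global>

/usr/bin/example-chat {
  #include <abstractions/base>

  # Allow only the socket families and types a chat client needs.
  # The dgram rules also cover the UDP the stub resolver uses for DNS.
  network inet  stream,
  network inet  dgram,
  network inet6 stream,
  network inet6 dgram,

  # Explicit denies are evaluated before allows and win, so they cannot be
  # undone by an allow rule pulled in later through an #include.
  # "audit" makes the (normally quiet) denial show up in the kernel log,
  # which is a useful signal: a chat client has no reason to open raw sockets.
  audit deny network inet  raw,
  audit deny network inet6 raw,
  audit deny network packet,
  audit deny network netlink,
  audit deny network bluetooth,

  # Caution: a bare "deny network," here would override every allow rule
  # above and cut the program off entirely, because deny takes precedence.

  # Minimal file access for the example; a real profile needs far more.
  /usr/bin/example-chat mr,
  owner @{HOME}/.config/example-chat/** rw,
  /etc/resolv.conf r,
}
```

Load it with `apparmor_parser -r` on the profile file, start in complain mode (`aa-complain`) to collect the rules the real program turns out to need, then switch to `aa-enforce`. Denials appear in the kernel log or audit log as `apparmor="DENIED" operation="create" ... family="inet" sock_type="raw"`, which is exactly the kind of event a host IDS should alert on. The limitation the post complains about is visible in the profile: classic `network` rules mediate only the address family, socket type and protocol, so “application X may bind port Y” cannot be written this way; only AppArmor releases from 4.0 onward, on kernels that support fine-grained network mediation, add address and port conditionals to `network` rules.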

6 thoughts on “Linux Needs An Application Firewall And AppArmor Needs Network Rules”

    • I’ve tried a “deny network,” rule and it didn’t even work – it may need a patch. I’ll test a bit more later to see if those rules work – thanks. They actually look a lot like what I’d want.

    • Well, I definitely think that warrants me looking further. I think I may have added a capability including the networking, and that could be overruling it, but it shouldn’t.

      I’ll have to look when I have access to my computer.
