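Is there a Linux firewall similar to ZoneAlarm, Kerio or Comodo in the Windows environment?
I'd like to be able to monitor and block any Linux program from making TCP/UDP connections on a per-application basis.
netfilter and ipfilter can only handle this at the system level.
More details on my ideal "Big Brother" security monitor:
I'd like to set up the following security policy: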
Only Apache is allowed to accept connections from everything.
MySQL can accept connections from only a select few IPs.
If any other application tries to accept / make any connections,
log it and flag it for analysis.
(Log the time, app name, user, to where, amount of traffic xfer,
trigger script to do stack dump, strace on the pid, etc).
X GUI config is nice, but I am not a GUI person.
Prefer web or XML-based configuration and logging for ease of analysis.
Should be able to track app even if the user is root.
Track app based on name/path
Validate the app's size, date, first and last 32 bytes value
(Optionally, md5/shar sig of the whole app.)
Answer 1
Well, there's the owner match:
owner
This module attempts to match various characteristics of the packet creator, for locally-generated packets.
--uid-owner userid
Matches if the packet was created by a process with the given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option is present only if
iptables was compiled under a kernel supporting this feature)
This may not be as powerful as the Windows versions. But I don't like per-application/process firewall rules. That's what Windows needs ;)
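The owner match only applies to locally generated packets, so it can cover the "make connections" half of the question's policy while the "accept" half still has to be written by port and source address. The script below sketches both halves as an iptables-restore ruleset; it is an added example, not part of the original answer, and the account names, ports and client addresses are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the question's policy.
# Assumed, not from the page: the account names, the ports, and the
# constructed client addresses (TEST-NET-1).
WEB_USER="www-data"
DB_USER="mysql"
DB_CLIENTS="192.0.2.10 192.0.2.11"

rule() { printf '%s\n' "$*"; }

gen_rules() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT DROP [0:0]'
    rule '-A INPUT -i lo -j ACCEPT'
    rule '-A OUTPUT -o lo -j ACCEPT'
    # Replies on connections that an earlier rule admitted.
    rule '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    rule '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Inbound: owner does not match received packets, so services are
    # selected by port. Web from anywhere, MySQL from listed clients only.
    rule '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'
    for ip in $DB_CLIENTS; do
        rule "-A INPUT -p tcp -s $ip --dport 3306 -j ACCEPT"
    done
    rule '-A INPUT -j LOG --log-prefix "in-denied: "'
    # Outbound: a service account opening its own connection is flagged
    # under its own prefix, then dropped.
    for u in "$WEB_USER" "$DB_USER"; do
        rule "-A OUTPUT -m owner --uid-owner $u -j LOG --log-prefix \"egress-$u: \""
        rule "-A OUTPUT -m owner --uid-owner $u -j DROP"
    done
    # Every other new outbound connection: log with the sender's uid,
    # then fall through to the DROP policy.
    rule '-A OUTPUT -j LOG --log-uid --log-prefix "out-denied: "'
    rule 'COMMIT'
}

# Review the output before loading it, e.g. gen_rules | iptables-restore --test
gen_rules
```

The ruleset contains no rules for SSH, DNS or other services the host needs; add them before loading it on a remote machine.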
Answer 2
Are you looking for something like a Linux firewall app?
I think iptables can do these things, and most tools are wrappers around it.