blublob Posted February 26, 2015

Hello all, this will be long; two parts, but don't be afraid, I will make it easy for you. Part One is backstory (you can skip this entirely), Part Two is the current problem, and I will even include a TL;DR at the end.

--------Part One--------

Help me get away from big data?

I have been wanting to set up my desktop with Linux for quite some time now, and have begun working with it inside VirtualBox so I am sure I can get all the settings and programs working that I will use, before I install it natively. However, when I came across this article, Choosing a Linux Music Player, I hit a massive road bump:

"I did catch some internet activity from Clementine. A few seconds after launching, the player connects to Magnatune and Google. If you don't use it, Magnatune can be disabled, which will stop that connection. The Google call, however, persisted even when all the extras were disabled. Clementine sent a GET request to a 1e100 server wanting my geolocation (by IP address) info. Google responded with the date and time, my city name, latitude & longitude and country. This happens every time Clementine starts and the developers said it's used by the Songkick API to find concerts in my area for artists I was listening to."

So now my search began for something similar to Little Snitch for Linux. The problem is that every forum post I manage to find that even mentions an application-based firewall for Linux is littered with besserwissers who speak about how Linux needs no such thing as it is not Windows, and therefore is no target of malware and trojans and the like. Others speak of how you should trust the programs in the official repos, and need no option to block any outgoing traffic. Basically every such topic derails massively without any real solutions given, other than "if Linux had a need for this, someone would have made it already!". Now I will try my luck with you guys.

Is there currently a way for me to block unknown outgoing traffic as it first happens, on an application level? If it is retroactive it might be too late, as it might have gotten info to change contact server, and me blocking the IP it used last time is of no use. Maybe block all traffic not approved, and log any that attempts, so I can give it access before the next time it tries. (Keep in mind that some programs might have TCP traffic on port 80 that I want, but traffic on port 443 and 80 to a different IP that I have no interest in granting them. Others might use P2P, like Skype, so they will not have static IPs they contact.)

--------Part Two--------

It took some more searching, but I found out that an LSM could do this for me. So I turned on TOMOYO. After reading these two pages I was able to turn it from blacklist to whitelist, and block network on a per-application basis.

https://forum.manjaro.org/index.php?topic=6408.0
http://tomoyo.sourceforge.jp/2.5/chapter-9.html.en

Now my problem is how to whitelist or blacklist a given IP over a given port for a certain program. In this page it lists:

Restrict remote IP addresses and port numbers for outgoing connections? Y
Restrict remote IP addresses and port numbers for outgoing packets? Y
Restrict local IP addresses and port numbers? Y
Restrict remote UNIX addresses for outgoing connections? Y
Restrict remote UNIX addresses for outgoing packets? Y
Restrict local UNIX addresses? Y

That means it should be possible, right? As an example, how and where would I edit to allow Firefox access to the web, except 18.104.22.168 TCP port 80? And how would I do it if I wanted Firefox to only be able to access 22.214.171.124 TCP port 80?

--------TL;DR--------

Using TOMOYO Linux I would like to know where and how I need to edit something to block a program from doing outgoing calls to a given IP over a given port and protocol.
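An added example (not from the post or the TOMOYO project) of what the per-domain network rules in a TOMOYO 2.5 domain_policy.conf look like for the two cases asked above. The domain name "<kernel> /usr/lib/firefox/firefox" is an assumed path for the Firefox binary, and the address ranges are constructed to illustrate the whitelist-only model: TOMOYO domain policy has no deny lines, so "everything except one host" is written as the ranges around that host.

```text
# Assumed file: /etc/tomoyo/domain_policy.conf (edit with tomoyo-editpolicy,
# reload with "tomoyo-loadpolicy -df"). Profile 3 is enforcing by default.

# Case 2: Firefox may only open TCP connections to 22.214.171.124 port 80.
<kernel> /usr/lib/firefox/firefox
use_profile 3
use_group 0
network inet stream connect 22.214.171.124 80

# Case 1: Firefox may reach any host on TCP 80 and 443 except 18.104.22.168:80.
# No deny rule exists, so the allowed address space is split around the host.
<kernel> /usr/lib/firefox/firefox
use_profile 3
use_group 0
network inet stream connect 0.0.0.0-18.104.22.167 80
network inet stream connect 18.104.22.169-255.255.255.255 80
network inet stream connect 0.0.0.0-255.255.255.255 443
# DNS lookups still need a dgram rule, e.g. to the local resolver (assumed):
network inet dgram send 127.0.0.1 53
```

Only one of the two domain blocks would be present in a real policy file; before switching use_profile to 3, run the domain in learning mode (profile 1) and check the generated "network inet" lines so that nothing the program legitimately needs is missing.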