I was wondering if anyone knows if iptables has the ability to implement "application intelligence"?
My specific interest is to implement something like this:
I have a host, connected to the internet, and it runs iptables, while ssh's TCP port is the only one opened.
Now, I want that, instead of opening this port, every communication to that port will be dropped, unless the computer which tries to connect to it tries to connect with a specific user.
Example: the user "haim" is allowed to my machine, and others ain't.
doing: remote-machine> ssh [EMAIL PROTECTED] will be dropped by iptables.
doing: remote-machine> ssh [EMAIL PROTECTED] will be allowed by iptables.
10x, Noam Meltzer