On Sat, Mar 19, 2011 at 2:05 PM, johhny_at_poland77 <johhny_at_polan...@zoho.com> wrote:
> Does somebody have an idea what kind of iptables/pf rule I must use to
> achieve this?:
>
> I only want to allow these connections [on the output chain]:
>
> on port 53 output only allow udp - dns
> on port 80 output only allow tcp - http
> on port 443 output only allow tcp - https
> on port 993 output only allow tcp - imaps
> on port 465 output only allow tcp - smtps
> on port 22 output only allow tcp - ssh
> on port 20-21 output only allow tcp - ftp
> on port 989-990 output only allow tcp - ftps
> on port 1194 output only allow udp - OpenVPN
>
> So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS is
> allowed on port 443 outbound.
>
> Any ideas? :\
>
Yes, write some sort of traffic-classification daemon that uses divert sockets to pass/deny traffic based on what that traffic is. I will personally check it in to the ports system once you are done and it has undergone a complete audit.
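As an added example, not from either poster: a shell script that emits a default-deny OUTPUT ruleset in iptables-restore format for exactly the protocol/port pairs listed in the question, plus an offline `verdict` helper that replays the chain's first-match logic. The `ALLOW` list, the function names and the conntrack/loopback housekeeping rules are assumptions for this example; the point the helper makes is the one the reply makes, that the filter sees protocol and port only, so OpenVPN on tcp/443 gets the same ACCEPT as HTTPS.

```shell
#!/bin/sh
# Added example (not from the thread). Emits a default-deny OUTPUT chain that
# allows only the protocol/port pairs from the question, in iptables-restore
# format so the rules can be reviewed before loading:
#   sh this.sh | sudo iptables-restore --test      (dry run, test only)
# Matching is on protocol and destination port alone; nothing here inspects
# the payload, so any TCP flow to 443 passes, OpenVPN included.

# Assumed allow-list: proto:port or proto:low:high, taken from the question.
ALLOW="udp:53 tcp:80 tcp:443 tcp:993 tcp:465 tcp:22 tcp:20:21 tcp:989:990 udp:1194"

gen_rules() {
    printf '%s\n' '*filter' ':OUTPUT DROP [0:0]'
    # Loopback and replies to flows already accepted must pass, or nothing works.
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for spec in $ALLOW; do
        proto=${spec%%:*}        # part before the first colon
        ports=${spec#*:}         # "443" or "20:21" (iptables range syntax)
        printf '%s\n' "-A OUTPUT -p $proto --dport $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Offline replay of the chain for a new outbound flow: first matching allow
# rule wins, otherwise the chain policy (DROP) applies. Usage: verdict <proto> <port>
verdict() {
    proto=$1; port=$2
    for spec in $ALLOW; do
        p=${spec%%:*}
        range=${spec#*:}
        lo=${range%%:*}          # single port: lo == hi
        hi=${range##*:}
        if [ "$p" = "$proto" ] && [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            echo ACCEPT; return 0
        fi
    done
    echo DROP; return 1
}

gen_rules
```

Run it to print the ruleset; `verdict tcp 443` and `verdict udp 443` show why a port-only policy accepts OpenVPN over 443 while rejecting it over udp/443.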