I'm looking for a way to detect applications on my network with iptables, similar to the App-ID feature found in Palo Alto Networks firewalls. Are there any built-in features in iptables or add-on solutions that can help with this? Thanks for your input!
1 Answer
You can't really do that directly with iptables, but you can limit an application's binary to run as a specific user or group. Then, with iptables, you can use the '-m owner --uid-owner' option to restrict that user from accessing the network. Pairing this with tools like AppArmor and systemd can further enhance your security.
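An added example (not from the answer above) of turning that advice into reviewable rules: a POSIX shell helper that emits a per-uid OUTPUT chain built on the iptables owner match, logs and drops anything the service user was not expected to reach, plus a systemd drop-in that pins the service to that user. The uid 1001, the APP_UID_ chain name, the log prefix and the webapp user are assumed values, not anything from the question.

```shell
#!/bin/sh
# Hypothetical example: confine the outbound network access of a service that
# runs as a dedicated user, using the iptables owner match, and log denials.
# Rules are emitted as text so they can be reviewed before being applied.

# Emit OUTPUT-chain rules for one service user.
#   $1 = numeric uid the service runs as
#   $2 = comma-separated tcp destination ports the service legitimately needs
#   $3 = optional iptables binary (default: iptables)
owner_rules() {
    uid="$1"
    ports="$2"
    ipt="${3:-iptables}"
    chain="APP_UID_${uid}"          # assumed naming convention
    # A dedicated chain keeps per-application policy readable and auditable.
    echo "$ipt -N $chain"
    # The owner match only sees locally generated packets, hence OUTPUT.
    echo "$ipt -A OUTPUT -m owner --uid-owner $uid -j $chain"
    # Loopback and replies to established flows stay allowed.
    echo "$ipt -A $chain -o lo -j ACCEPT"
    echo "$ipt -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only the ports the service is documented to need.
    echo "$ipt -A $chain -p tcp -m multiport --dports $ports -j ACCEPT"
    # Everything else is logged (rate-limited) and dropped; unexpected
    # destinations then show up in the kernel log with this prefix.
    echo "$ipt -A $chain -m limit --limit 5/min -j LOG --log-prefix \"app-uid-$uid-denied: \""
    echo "$ipt -A $chain -j DROP"
}

# systemd drop-in pinning the service to that user and group, so that the
# uid match really corresponds to the application binary.
systemd_dropin() {
    printf '[Service]\nUser=%s\nGroup=%s\nNoNewPrivileges=yes\n' "$1" "$2"
}

# Sample run: a web app running as uid 1001 that only needs HTTPS out.
owner_rules 1001 443
systemd_dropin webapp webapp
```

The owner match classifies only traffic generated on the host itself, so it cannot identify applications on other machines whose traffic this box merely forwards.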
