Restrict a port to a single app
Posted by viraptor on Server Fault
Published on 2009-07-03T10:50:13Z
I'd like to restrict a range of UDP ports to a single application (or a user). What I'd like to achieve is not simply blocking a bind() from other uids, but also removing the range from a pool that can be auto-assigned.
For example, if someone tries to explicitly bind 12345, but doesn't run the specified app, they should get EPERM. If someone tries to bind an unspecified port, they should never try to bind 12345 at random.
Is there any system that can help here? I tried browsing AppArmor / SELinux docs, but they seem to do the blocking part only.
© Server Fault or respective owner