Been messing around with jailkit over the weekend and ended up writing a lengthy tutorial on how to use jailkit to securely use certain applications on a machine with a default outbound drop iptables firewall. I use rtorrent as an example because there is no way to predict the outbound port connections a bittorrent app needs to make. While rtorrent is the example, this could be used for numerous applications including a host of penetration testing tools (nmap, etc.) as well as other p2p programs. Really, it can be used to run any apps that use hard-to-define outbound connections alongside outbound filtering with iptables. Basically this tutorial shows how to set up the rtorrent program in a chroot jail with jailkit and an rtorrent user and then use iptables to allow the necessary port exceptions based on user matching. This allows you to enjoy the security benefits of egress filtering and still run certain applications that don't do outbound connections in a predictable manner. See my original blog post here: http://nightg0at.blogspot.com/2011/03/using-chroot-jails-for-egress-filtering.html
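
The user-matching exception described above, sketched as an added example that is not taken from the post or the linked tutorial: a function that emits a default-drop OUTPUT ruleset with a single owner-match rule. The account name `rtorrent`, the function name `egress_rules` and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset with a default-drop OUTPUT
# chain and one exception keyed on the uid of the jailed application's user.
# Assumption: the jailed application runs as a dedicated account ("rtorrent").
#
# Check the syntax without committing anything:
#   egress_rules rtorrent | iptables-restore --test
# Only OUTPUT is declared here; loading without --noflush still flushes the
# rest of the filter table, so merge these lines into your existing ruleset.

egress_rules() {
    user=$1
    # Accept only plain account names so nothing else reaches the ruleset.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    # An owner exception for root would effectively void the egress policy.
    [ "$user" != root ] || { echo "refusing exception for root" >&2; return 1; }

    cat <<EOF
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m owner --uid-owner $user -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}
```

The owner match only works for locally generated packets in the OUTPUT and POSTROUTING chains, and the rule opens every destination port for that uid, so the dedicated account and the chroot are what keep the exception narrow. Fixed-port exceptions from an existing policy belong before the LOG line.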