Can iptables be set up to filter based on the protocol and the sending application? Specifically ODBC and JDBC traffic? I want to prevent internal users from using installed applications (i.e. MS Query) from accidentally damaging production databases via ODBC/JDBC. When a client workstation creates a session via ODBC/JDBC to the server, the name of the sending application is part of that session. What I would really like to do is use something similar to iptables to capture that application name and possibly the username and let iptables decide whether or not to forward the traffic to the database server. I would just place the server running iptables in the path form the clients to the server itself.

I realize that the standard answer is to limit their access to the database using the built in security setup of the database itself, bu unfortunately these users must have modify, update, insert privileges because the access this database via an ODBC client-server application that is part of a software package.