> If only iptables would allow to filter by the executable path and other process parameters - that would be just so awesome.
You can do that sort of thing with eBPF these days, either at the network level or via process tracing. It's non-trivial still, though. Lots of the various firwewall automation tools have features like this too. It's definitely a solved problem, but not one with a really clean obvious solution yet.
You can do that sort of thing with eBPF these days, either at the network level or via process tracing. It's non-trivial still, though. Lots of the various firwewall automation tools have features like this too. It's definitely a solved problem, but not one with a really clean obvious solution yet.