
Is there any way on Linux to block UDP traffic for a specific process? I tried using AppArmor to deny certain traffic, but it only supports total denial of all network access, not a specific protocol. I don't want to block all UDP for the system, just 1 process. Unfortunately this is because NodeJS applications love to restrict and control the ability of the user to modify the behavior of the application, short of them rewriting code.

john doe
  • `NodeJs` run with its own user? Use the same source port for the UDP traffic? – DanieleGrassini Mar 05 '21 at 17:14
  • It uses the same destination port but if you block that port then it switches to random ports. – john doe Mar 05 '21 at 17:15
  • https://unix.stackexchange.com/questions/68956/block-network-access-of-a-process take a look here – DanieleGrassini Mar 05 '21 at 17:27
  • Using `unshare` as @YetAnotherUser suggests is a good way to jail a process entirely from the network. Giving it back some access (not all) after doing that is possible with `iptables` but may be complicated. Consider using [docker](https://www.docker.com/) or similar container technology. Containers basically manage the namespaces for you. They can be a steep learning curve though. – Philip Couling Mar 05 '21 at 21:17

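The "run it as its own user" idea from the comments, worked through as an added example (not code from the question or its commenters): run the Node process under a dedicated account and drop that account's outbound UDP with the iptables `owner` match, which covers the random-port fallback the question describes because it keys on the sending user rather than on a port. The user name `nodeapp` is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example, not from the question or comments: block outbound UDP for
# one process by running it as its own user and matching that user with the
# iptables "owner" module. "nodeapp" is a hypothetical user name; applying
# the rules requires root and iptables/ip6tables.

# Emit the rules, one per line, without applying them (useful for review).
# LOG goes at position 1 and DROP at position 2 so blocked attempts are
# visible in the kernel log (dmesg / journal) before being dropped.
udp_block_rules() {
    user="$1"
    for tool in iptables ip6tables; do
        printf '%s -I OUTPUT 1 -p udp -m owner --uid-owner %s -j LOG --log-prefix "udp-block:%s "\n' \
            "$tool" "$user" "$user"
        printf '%s -I OUTPUT 2 -p udp -m owner --uid-owner %s -j DROP\n' \
            "$tool" "$user"
    done
}

# Apply the rules after checking that the user exists. The owner match only
# sees locally generated packets (OUTPUT chain), so this covers what the
# process sends; a UDP socket it binds to receive traffic is not covered.
apply_udp_block() {
    user="$1"
    id -u "$user" >/dev/null 2>&1 || { echo "no such user: $user" >&2; return 1; }
    udp_block_rules "$user" | sh -e
}

# Usage: ./udp-block.sh print nodeapp   (show the rules)
#        ./udp-block.sh apply nodeapp   (install them, then start the app as
#                                        that user, e.g. systemd User=nodeapp)
case "${1-}" in
    print) udp_block_rules "$2" ;;
    apply) apply_udp_block "$2" ;;
esac
```

Verify with `iptables -L OUTPUT -v -n` that the counters on the DROP rule increase while the process runs; packets from every other user are unaffected.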