Saturday, May 4, 2019

Application based IP packet filtering with Ubuntu and Mikrotik

I have been looking for this for many years, but still have not found any solution, so I would like to ask whether anyone knows how to solve this.

There is a computer network in which every node sits on its own subnet and VLAN so that nodes cannot listen to each other (the nodes are wired to the router, and cross-VLAN communication is explicitly blocked there). The Mikrotik router runs a firewall that filters traffic against a whitelist ruleset.

I realized that port- and content-based filtering is not enough; I need to implement an application-based network filter on the router itself.

So I am looking for a solution that can mark/tag IP packets with some application-specific data. I would then analyze and filter the marked/tagged packets on the router to decide which are allowed and which are not.

For example, a node runs Firefox, Chrome, VLC and other software, and I would like only Firefox to be allowed to communicate with any server outside the local network, over ports 80 (HTTP) and 443 (HTTPS). Meanwhile, Chrome should be restricted to a few specific servers outside the local network, over the same ports and protocols.

So what I need is a piece of software that can somehow mark/tag outgoing packets with a predefined ID of the application that is sending them. There could be a list of key-value pairs (pathOfExecutable:customID), like:

/usr/lib/firefox/firefox:20 /opt/google/chrome/chrome:21

Every application not specified in this list should be marked with a default value, 0 for example.

Then, after the packet leaves the computer, I need to be able to detect these marks/tags with RouterOS on the Mikrotik router and implement the filtering there.

Do you know how to do this? I would really appreciate any solution or help.

Thank you!
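The following is an added example, not code from the post or from either vendor, showing one way the mark/tag scheme described above can be built with what Ubuntu and RouterOS actually offer. Linux has no packet matcher on the executable path, but it can match on the cgroup a socket belongs to, so each listed application is started inside its own cgroup v2 directory and an iptables rule in the mangle OUTPUT chain writes the application's ID into the DSCP field of the IP header; every other packet gets the default value 0. The DSCP field is six bits wide, so IDs must stay in 0..63. On the Mikrotik side, /ip firewall filter rules match on dscp=. The script parses the post's own "path:ID" list, validates it, and emits the commands for both sides. The cgroup names, chain layout, destination addresses and the assumption that cgroup v2 is mounted at /sys/fs/cgroup are all mine, not the post's.

```python
"""Generate per-application DSCP marking rules from a 'path:id' list.

Added example (not the post's own code). Assumptions: cgroup v2 mounted at
/sys/fs/cgroup, iptables with the xt_cgroup match (-m cgroup --path), and a
RouterOS forward chain where the marked packets arrive unmodified. The DSCP
field is 6 bits, so valid application IDs are 1..63; 0 is the default mark.
"""
import re

DSCP_MAX = 63          # DSCP is a 6-bit field in the IP header
DEFAULT_ID = 0         # unlisted applications get this value


def parse_app_map(text):
    """Parse 'path:id path:id ...' into {path: id}, rejecting bad entries."""
    mapping = {}
    for token in text.split():
        path, sep, raw_id = token.rpartition(":")
        if not sep or not path.startswith("/") or not raw_id.isdigit():
            raise ValueError(f"malformed entry: {token!r}")
        app_id = int(raw_id)
        if not 1 <= app_id <= DSCP_MAX:
            raise ValueError(f"id {app_id} for {path} is outside 1..{DSCP_MAX}")
        if app_id in mapping.values():
            raise ValueError(f"duplicate id {app_id}")
        mapping[path] = app_id
    return mapping


def dscp_for(path, mapping):
    """DSCP value an executable's packets will carry (default for unlisted)."""
    return mapping.get(path, DEFAULT_ID)


def cgroup_name(path):
    """cgroup directory name derived from the executable's basename (assumed)."""
    return re.sub(r"[^A-Za-z0-9_-]", "_", path.rsplit("/", 1)[-1])


def linux_rules(mapping):
    """Shell commands for the Ubuntu host: one cgroup and one mark rule per app."""
    cmds = ["iptables -t mangle -F OUTPUT"]
    for path, app_id in mapping.items():
        cg = cgroup_name(path)
        cmds.append(f"mkdir -p /sys/fs/cgroup/{cg}")
        # the application is launched with its PID written to that cgroup, e.g.
        #   sh -c "echo $$ > /sys/fs/cgroup/firefox/cgroup.procs && exec /usr/lib/firefox/firefox"
        cmds.append(f"iptables -t mangle -A OUTPUT -m cgroup --path {cg} "
                    f"-j DSCP --set-dscp {app_id}")
    # everything else is explicitly rewritten to the default so no stray
    # DSCP value chosen by a process can pass as a listed application
    cmds.append(f"iptables -t mangle -A OUTPUT -j DSCP --set-dscp {DEFAULT_ID}")
    return cmds


def routeros_rules(mapping, allowed):
    """RouterOS forward-chain filter.

    allowed maps an application id to a list of permitted destination
    addresses; None in the list means 'any destination'. Unlisted ids and
    the default mark 0 fall through to the final drop.
    """
    cmds = []
    for path, app_id in mapping.items():
        for dst in allowed.get(app_id, []):
            rule = (f"/ip firewall filter add chain=forward protocol=tcp "
                    f"dst-port=80,443 dscp={app_id} action=accept "
                    f"comment=\"{path}\"")
            if dst:
                rule += f" dst-address={dst}"
            cmds.append(rule)
    cmds.append("/ip firewall filter add chain=forward action=drop "
                "comment=\"default: unlisted apps (dscp 0) and everything else\"")
    return cmds


if __name__ == "__main__":
    # constructed input: the post's own list, plus assumed Chrome destinations
    apps = parse_app_map("/usr/lib/firefox/firefox:20 /opt/google/chrome/chrome:21")
    policy = {20: [None], 21: ["203.0.113.10", "203.0.113.11"]}
    print("\n".join(linux_rules(apps)))
    print("\n".join(routeros_rules(apps, policy)))
```

Two caveats a practitioner would want: the DSCP value is written by the host, so the router can only trust it as far as the host's own iptables configuration is trusted (a root process on the node can set it to anything), and on this topology the Mikrotik is the first hop, so nothing rewrites the field in transit. The scheme enforces policy for a cooperating host; it does not authenticate the application.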
