How can I block an application binding to a port (all OSs)

networking linux ip port

Following up from an issue today, I have a question, possibly stupid, but here goes.

How can I block/prevent an application binding to a specific port? This pertains to linux/unix, but I'd be interested in NT as well.

I know I can prevent traffic using a firewall, and ports under 1024 require root, but I wasn't aware of a way to protect a port, only allowing a designated app to bind.

Is there a way?

Thanks


when you are on linux you can use selinux to accomplish this. you would create a port type for your application and add only the ports you would like your application to connect to. all other ports would generate an error message.

but be aware that selinux rules can get a bit nasty.


You don't mention whether it's one specific application you want to block, or any application.

To do it for any app, just have something bind to it before it starts. Netcat is your friend here. Assuming you want to block tcp/1234, your command would look something like: nc -lp 1234 > /dev/null will do what you want

Related

Exchange 2019 IIS trying to connect to the wrong Server [closed]
can you run a shell command via nohup at later time?
Does mapping internal servers to subdomains leave them more exposed than just using IP?
Do I need Active Directory Certificate Services
How to start etcd in docker from systemd?
How to exit docker exec after container has exited?
Changing NIC Interface Descriptions in Windows
Mount Exchange 2010 EDB to Exchange 2013
Exchange 2010 mailbox database size limits
Difference between Managed Service Account and Non Interactive Server Account in AD
can I have A record and MX record for the same hostname?
nvme device dropouts - I/O 0 QID 0 timeout, controller disabled