I want to harden my server against "IP hijacking" by restricting a port so that only a particular service/program can use it. For example, this site might be using nginx to listen on port 443, but once a hacker gets into the server and shuts it down, they can just run a mock program instead and at least acquire some user accounts and passwords. Another threat comes from within: an employee who runs the server could run a mock one to acquire user information if they are able to shut down the server and run a mock using the same port. This is a real vulnerability in the C/S framework because the only valid identification of a server by a client is its IP+port. ASUS suffered an incident in which its firmware update service was replaced by hackers to install trojans on ASUS laptops that were trying to get recent "updates". I believe the quick and strong way to prevent these incidents is to use some firewall and explicitly dedicate a port number to one program (binary or Python script) only; any attempt to bind it from any other program would be denied.

Is there functionality in firewalld/iptables/SELinux or any other security programs to implement this idea?

PS: I heard that iptables can reserve a port for a certain user group, so it might be doable through chain restrictions. Thanks in advance.
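The script below is an added example, not part of the question or of any answer on this page. It covers the detection side of the concern raised above: a POSIX shell check that the program actually holding a listening port is the one the administrator expects, parsed from `ss -ltnp` style output. The sample `ss` output is constructed for the example, and the field layout assumed is the one iproute2's `ss` prints. It does not prevent a foreign program from binding the port (on SELinux systems that is what port type labels such as `http_port_t`, managed with `semanage port`, enforce through the `name_bind` permission); it is the complementary check you would run from cron or a monitoring hook to notice when the listener has been replaced.

```shell
#!/bin/sh
# Added example: verify that the process bound to a TCP port is the expected
# program. Input is "ss -Hltnp" output (LISTEN sockets, numeric, with process
# info, no header). The sample below is constructed for this example.

SAMPLE_SS_OUTPUT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1240,fd=6),("nginx",pid=1239,fd=6))
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:* users:(("python3",pid=2077,fd=4))'

# listener_on_port PORT SS_OUTPUT
# Prints the distinct process names bound to PORT, comma-separated
# (empty output when nothing listens on that port).
listener_on_port() {
    port="$1"
    printf '%s\n' "$2" | awk -v port="$port" '
        $1 == "LISTEN" {
            # Local address is field 4; the port is whatever follows the last
            # colon, which also works for IPv6 forms such as [::]:443.
            n = split($4, a, ":")
            if (a[n] != port) next
            # Extract every quoted name from users:(("name",pid=...),...),
            # skipping duplicates (one name per worker process otherwise).
            line = $0
            names = ""
            while (match(line, /\("[^"]+"/)) {
                name = substr(line, RSTART + 2, RLENGTH - 3)
                if (index("," names ",", "," name ",") == 0)
                    names = (names == "" ? name : names "," name)
                line = substr(line, RSTART + RLENGTH)
            }
            print names
        }'
}

# check_listener PORT EXPECTED SS_OUTPUT
# Exit status: 0 when exactly EXPECTED owns PORT, 1 when another program
# holds it (the "mock server" case), 2 when nothing is listening at all.
check_listener() {
    found=$(listener_on_port "$1" "$3")
    if [ -z "$found" ]; then
        echo "ALERT: nothing is listening on port $1"
        return 2
    elif [ "$found" != "$2" ]; then
        echo "ALERT: port $1 is held by '$found', expected '$2'"
        return 1
    fi
    echo "OK: port $1 is served by $2"
    return 0
}

# Demonstration on the constructed sample. On a live host, replace the third
# argument with "$(ss -Hltnp)" and act on a non-zero status.
check_listener 443 nginx "$SAMPLE_SS_OUTPUT" || echo "exit status $?"
check_listener 8443 nginx "$SAMPLE_SS_OUTPUT" || echo "exit status $?"
check_listener 80 nginx "$SAMPLE_SS_OUTPUT" || echo "exit status $?"
```

The check keys on the process name only, which is what `ss` exposes; a stricter variant would resolve each `pid=` to `/proc/PID/exe` and compare the binary path or hash against the expected one, so that a replacement also named `nginx` is caught.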