I am designing a security policy for a server program on Linux. I wish to reserve a tcp port number-say 8888, to and only to that executable of the program to listen to. Then I could turn the program files as r-x in nosudo user and allow only the port 8888 to be in and nothing out on firewall. (Might turn SSH in allow as well) . A trojan cannot spoof that program and hijack port 8888, or auto-connect to hacker's server.
Thus the whole three will leave hackers no vulnerability to attack except for those in the the program itself. Recent news that ASUS server has been hacked and installed trojans to many ASUS computers through fake updates, further proves the necessity of this policy.
However I have not found an application like ufw or SELinux to enforce the tcp port reserve policy. Is there a way to implement it?