> > For the benefit of packet sniffers and other things that only want > > read-only access to /dev/bpf*, what do people think of adding a 'bpf' > > group for those programs? This allows bpf devices to be read by > > programs running with an effective gid of 'bpf' instead of the current > > requirement for an effective user of root. I've been running this way > > on many of our servers for several months now, and things like snort, > > tcpdump, etc., are quite happy with it (under stable). > > There's the other small problem that you have to be root to set > promiscuous mode.
Not on 4.x. Haven't tried -current. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message