Erik Nørgaard a écrit : > Niklaus wrote: > >> Hi, >> How do i disable users on a system to run their own http proxy. I >> don't want to allow users who have login accounts on my system to >> listen to any port . How do i do that. > > > Putting up a packet filter as some suggest may break other things. > > Instead, you can take a look at MAC, Mandatory Access Controls. There > is a module mac_portacl(4) that can control this. > > You need to compile your kernel with options MAC and then add > mac_portacl_load="YES" to loader.conf > > But don't ask me how it works, haven't used it. > > Cheers, Erik > I think u're able to use this sample for doing what u want:
# Allow out FreeBSD (make install & CVSUP) functions # Basically give user root "GOD" privileges. $cmd 070 $skip tcp from me to any out via $pif setup keep-state uid root i found it in the ipfw explain page: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html Michael. _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"