In response to Kevin Hunter <[EMAIL PROTECTED]>:
> 
> This may not be the correct list to ask this question, so please  
> point me in the right direction in that case.
> 
> We are in the process of setting up a bastion host.  One of the  
> things we'd like to do is to filter packets not only at the IP layer,  
> but by what program is listening on a particular port.  Is this a  
> possibility?
> 
> A quick 5 minute Google didn't provide me with anything noticeable,  
> but that may just be my noobness in the *BSD world.  So play nice!  ;-)

Are you saying that you want to have the packet filter check to see what
application is listening on a particular port, then allow/deny access
based on the name of the application?

Do you not have control over what is run on this system?

However, you might be able to accomplish this by using a pf table, then
having a secondary script update the table based on the output of
sockstat or some other similar hack.

-- 
Bill Moran
http://www.potentialtech.com
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
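
One way the table-plus-script idea from the reply above could look, as an added example that is not part of the original message. The table name, port, command name and pf.conf rules are assumptions chosen for illustration, and the sockstat samples are constructed.

```shell
#!/bin/sh
# Added illustration; table name, port and command name are assumptions.
# Assumed pf.conf fragment (with a default block rule elsewhere):
#   table <approved_listeners> persist
#   pass in proto tcp to <approved_listeners> port 22
TABLE="approved_listeners"
PORT=22
WANT_CMD="sshd"

# Reads `sockstat -4 -l` output on stdin. Prints "ok" only when the port
# has at least one listener and every listener is the expected command.
check_listeners() {
    awk -v port="$1" -v want="$2" '
        NR == 1 && $1 == "USER" { next }   # skip the header line
        {
            n = split($6, a, ":")          # field 6 is LOCAL ADDRESS
            if (a[n] != port) next         # some other port
            seen++
            if ($2 != want) bad++          # field 2 is COMMAND
        }
        END { print ((seen > 0 && bad == 0) ? "ok" : "deny") }
    '
}

# Adds or removes the given local address in the pf table (run as root,
# for example from cron). $1 = address that the pass rule should match.
sync_table() {
    verdict=$(sockstat -4 -l | check_listeners "$PORT" "$WANT_CMD")
    if [ "$verdict" = "ok" ]; then
        pfctl -q -t "$TABLE" -T add "$1"
    else
        pfctl -q -t "$TABLE" -T delete "$1"
    fi
}

# Constructed samples of sockstat output, not captured from a real host.
sample_good() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   4  tcp4   *:22                  *:*
www      httpd      1024  3  tcp4   *:80                  *:*
EOF
}
sample_bad() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nc         2211  3  tcp4   *:22                  *:*
EOF
}
```

The check matches on the command name that sockstat reports, so a differently built binary with the same name would pass it. Between runs of the script the table reflects the last observed state, not the current one.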