On 2019-04-01 05:14, Riccardo Giuntoli wrote:
Hello there,
Riccardo Giuntoli writing from Spain, nice to hear from you.
In my pf.conf I want to force all outgoing connections from a specific
user in egress from a machine to take a route different from the
default. Something like this (it doesn't work):
match out on egress inet proto {tcp udp} from self nat-to ($vpn_if) user _tor
Is it possible? Can I isolate a specific user with rdomain and rtable?
Nice regards,
Hi Riccardo,
it is possible to match according to user but there might be an issue.
man pf.conf states that the socket's owner is the one that created it. I
don't know about Tor, but perhaps it starts as root, creates a socket on
a privileged port and then drops privileges? If that is the case the
rule won't match, as according to pf, the socket will be owned by root.
I'm not a PF wizard but I want to give you ideas. I'm sure other people
can provide more help.
Best regards from Barcelona too,
Enric