Good point. At the moment though there's no good way to filter based on process. While it might be better to do such things using IPF, I wouldn't be against using privileges for it.
Given they're local processes, it should just be a matter of intercepting connect() calls rather than digging into the data path for each packet. Paul -- This message posted from opensolaris.org
