andrew clarke [EMAIL PROTECTED] writes:
Is it possible to configure the FreeBSD firewall to block ports on a
per-user or per-executable basis?
If your firewall is PF, you can use authpf(8) to configure per user rule sets.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation
I believe IPFW has uid option on rules as in
070 deny tcp from me to any out via $pif setup keep-state uid bob
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of andrew
clarke
Sent: Thursday, February 09, 2006 3:49 AM
To: freebsd-questions@freebsd.org
Subject:
andrew clarke wrote:
Is it possible to configure the FreeBSD firewall to block ports on a
per-user or per-executable basis?
eg.
- Block /usr/local/bin/irc from connecting to TCP port 6667
- Block user 'johnsmith' from connecting to TCP port 21
Yes to users (if the connections originate
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Swiger
Sent: Thursday, February 09, 2006 4:30 AM
To: andrew clarke
Cc: freebsd-questions@freebsd.org
Subject: Re: fine grained firewall?
andrew clarke wrote:
Is it possible to configure the FreeBSD firewall to block ports on a
per-user
On Thu, Feb 09, 2006 at 07:30:17AM -0500, Chuck Swiger wrote:
Is it possible to configure the FreeBSD firewall to block ports on a
per-user or per-executable basis?
eg.
- Block /usr/local/bin/irc from connecting to TCP port 6667
- Block user 'johnsmith' from connecting to TCP
andrew clarke wrote:
On Thu, Feb 09, 2006 at 07:30:17AM -0500, Chuck Swiger wrote:
[ ... ]
Yes to users (if the connections originate from the firewall box), no to
per-executables. The latter seems useless when cp irc myirc is all it
would
take to defeat it. Frankly, neither option is very