On Mon, Feb 25, 2019 at 12:31:42PM -, Stuart Henderson wrote:
I've not done much with ssh tun forwarding, but I have previously had
to run openvpn over TCP and didn't find that it really get in the
way in practice, even with connections over wifi. It would depend
on connection
On 2019-02-25, Frank Beuth wrote:
> On Sun, Feb 24, 2019 at 03:12:31PM +, Stuart Henderson wrote:
>>Basically I'm trying to say, if you wanted to do it the other way round
>>(pass by default, block certain traffic) you wouldn't be able to block
>>everything.
>>
>>If you're trying to stop all
On Sun, Feb 24, 2019 at 03:12:31PM +, Stuart Henderson wrote:
Basically I'm trying to say, if you wanted to do it the other way round
(pass by default, block certain traffic) you wouldn't be able to block
everything.
If you're trying to stop all possible paths something on the system
might
Yes, right in the default pf.conf they block the pbuild user:
block return out log proto {tcp udp} user _pbuild
On 2/23/19 10:43 PM, Frank Beuth wrote:
Is it possible to restrict network access on a per-user or
per-application (rather than per-port) basis?
pf does not seem to have any
On 2019/02/24 21:44, Frank Beuth wrote:
> On Sun, Feb 24, 2019 at 09:56:12AM -, Stuart Henderson wrote:
> > PF 'user' should do the trick. Note: it only works for TCP/UDP but for
> > this you should be able to do something like
> >
> > block all
> > pass inet proto tcp to 192.0.2.1 port 22
On Sun, Feb 24, 2019 at 09:56:12AM -, Stuart Henderson wrote:
PF 'user' should do the trick. Note: it only works for TCP/UDP but for
this you should be able to do something like
block all
pass inet proto tcp to 192.0.2.1 port 22 user sshtunnel
Thanks. You say "only works for TCP/UDP",
On 2019-02-24, Frank Beuth wrote:
> On Sun, Feb 24, 2019 at 09:09:06AM +0100, Denis Fondras wrote:
>>On Sun, Feb 24, 2019 at 01:43:08PM +0700, Frank Beuth wrote:
>>> Is it possible to restrict network access on a per-user or per-application
>>> (rather than per-port) basis?
>>>
>>> pf does not
On Sun, Feb 24, 2019 at 09:09:06AM +0100, Denis Fondras wrote:
On Sun, Feb 24, 2019 at 01:43:08PM +0700, Frank Beuth wrote:
Is it possible to restrict network access on a per-user or per-application
(rather than per-port) basis?
pf does not seem to have any capability to do this, maybe I
On Sun, Feb 24, 2019 at 01:43:08PM +0700, Frank Beuth wrote:
> Is it possible to restrict network access on a per-user or per-application
> (rather than per-port) basis?
>
> pf does not seem to have any capability to do this, maybe I missed something.
>
Don't know what you are aiming to do but
Is it possible to restrict network access on a per-user or per-application
(rather than per-port) basis?
pf does not seem to have any capability to do this, maybe I missed something.
10 matches
Mail list logo