From owner-freebsd-security Sun Nov 25 4:17:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143]) by hub.freebsd.org (Postfix) with ESMTP id BCE8F37B405 for ; Sun, 25 Nov 2001 04:17:51 -0800 (PST) Received: from localhost (smithi@localhost) by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id XAA15978; Sun, 25 Nov 2001 23:17:24 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sun, 25 Nov 2001 23:17:24 +1100 (EST) From: Ian Smith To: Brett Glass Cc: Kris Kennaway , freebsd-security@FreeBSD.ORG Subject: Re: Security zone In-Reply-To: <4.3.2.7.2.20011124162959.04085de0@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 24 Nov 2001, Brett Glass wrote: > At 04:11 PM 11/24/2001, Kris Kennaway wrote: > > >It's basically a lie; you can do all this and more under FreeBSD. > > FreeBSD doesn't have per-application control of ports and sockets, > which is what ZoneAlarm *tries* to provide. It'd be nice to add this > as built-in feature, either in the base OS or in ipfw. Yeah, Windows security 'features' for FreeBSD, just what we lack! :) Can't you do 'per-app' stuff in ipfw with users and/or groups? Frankly I'm more contented relying on having port access control in rc.firewall. Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message