Date: Mon, 11 Apr 2016 12:36:44 +0200
From: Ben Woods <woodsb02@gmail.com>
To: Alexander Klimov <alserkli@inbox.ru>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: per-user firewall rules
Message-ID: <CAOc73CAnRAG7ObPyZQb_6ijz9213F2%2Bzq4Nc1GCL%2BBhvpCs%2Bag@mail.gmail.com>
In-Reply-To: <TheMailAgent.14e49d1a@1026da73>
References: <TheMailAgent.14e49d1a@1026da73>

On Monday, 11 April 2016, Alexander Klimov <alserkli@inbox.ru> wrote:

> I want to make sure that user can only communicate with predefined
> host:tcp-port and cannot send network packets to anywhere else
> (something like `--uid-owner' in iptables).
>
> Does any of the firewalls support this?
>
> --
> Regards,
> ASK
>

IPFW supports the keyword "uid" followed by either the username or user id.
Obviously this only works for packets destined for local sockets.

See http://man.freebsd.org/ipfw man page for more details.

Not sure if PF has a similar feature.

Regards,
Ben

--
--
From: Benjamin Woods
woodsb02@gmail.com
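
A ruleset built around the ipfw `uid` keyword mentioned in the reply, as an added example that is not part of the original message. The user `alice`, address `192.0.2.10`, port 443 and the rule numbers are constructed values, and the `user_egress_rules` helper is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints ipfw commands that pin
# one local user to a single host:tcp-port; review, then pipe to sh as root.
# Notes: per ipfw(8), uid matches TCP and UDP packets only. The rules must be
# numbered ahead of any broader allow rule, because the first match wins.
# Name lookups by this user are blocked too, so the host is given by address.

# user_egress_rules USER IPV4 PORT [BASE_RULE_NUMBER]   (hypothetical helper)
user_egress_rules() {
    user=$1 host=$2 port=$3 base=${4:-1000}

    # Character allow-lists: nothing that could add extra ipfw or shell
    # tokens to a rule. ipfw itself still rejects malformed addresses.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!0-9.]*) echo "bad IPv4 address: $host" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    case $base in
        ''|*[!0-9]*) echo "bad rule number: $base" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1
    }

    # 1. Let replies of already-approved connections through.
    # 2. Allow the user's new TCP connections to the one destination.
    # 3. Drop every other TCP/UDP packet the user's sockets try to send.
    cat <<EOF
ipfw add $base check-state
ipfw add $(($base + 10)) allow tcp from me to $host $port uid $user out setup keep-state
ipfw add $(($base + 20)) deny ip from any to any uid $user out
EOF
}

# Constructed sample values (192.0.2.10 is a documentation address).
user_egress_rules alice 192.0.2.10 443
```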