Date:      Mon, 11 Apr 2016 12:36:44 +0200
From:      Ben Woods <>
To:        Alexander Klimov <>
Cc:        "" <>
Subject:   Re: per-user firewall rules
Message-ID:  <>
In-Reply-To: <TheMailAgent.14e49d1a@1026da73>
References:  <TheMailAgent.14e49d1a@1026da73>

On Monday, 11 April 2016, Alexander Klimov <> wrote:

> I want to make sure that user can only communicate with predefined
> host:tcp-port and cannot send network packets to anywhere else
> (something like `--uid-owner' in iptables).
> Does any of the firewalls support this?
> --
> Regards,

IPFW supports the keyword "uid" followed by either the username or user id.
Obviously this only works for packets destined for local sockets. See man page for more details.

Not sure if PF has a similar feature.



From: Benjamin Woods
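
The `uid` match mentioned in the reply above, written out as a per-user egress restriction. This is an added example, not part of the original thread: the function name `user_egress_rules`, the user `alice`, the address `192.0.2.10`, port 443 and the rule numbers are constructed sample values, and an IPv4 literal is assumed for the host.

```shell
#!/bin/sh
# Added example: emit ipfw(8) rules that limit one local user to a single
# host:tcp-port. The rules are printed, not applied, so they can be reviewed
# and merged into the existing ruleset by hand.
#
# usage: user_egress_rules USER HOST PORT [BASE_RULE_NUMBER]   (hypothetical helper)
user_egress_rules() {
    user=$1 host=$2 port=$3 base=${4:-1000}

    # Reject input that could smuggle extra ipfw keywords or shell syntax
    # into a rule line.
    case $user in ''|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1;; esac
    case $host in ''|*[!0-9.]*) echo "bad host: $host" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    case $base in ''|0*|*[!0-9]*) echo "bad rule number: $base" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2
        return 1
    }

    # 1. Permit the one allowed destination for sockets owned by USER.
    echo "ipfw add $base allow tcp from me to $host $port out uid $user"

    # 2. Drop every other outbound packet from USER's sockets. The uid option
    #    matches TCP and UDP packets only, so this also blocks the user's DNS
    #    lookups unless a resolver is allowed by an earlier rule.
    echo "ipfw add $((base + 10)) deny ip from me to any out uid $user"
}

# Constructed sample values. Both rule numbers must sort before any broader
# "allow" rule in the ruleset, otherwise the deny rule is never reached.
user_egress_rules alice 192.0.2.10 443
```

Return traffic for the allowed connection is still subject to the rest of the ruleset, since both rules above match outbound packets only.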