Date:      Mon, 11 Apr 2016 12:36:44 +0200
From:      Ben Woods <woodsb02@gmail.com>
To:        Alexander Klimov <alserkli@inbox.ru>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: per-user firewall rules
Message-ID:  <CAOc73CAnRAG7ObPyZQb_6ijz9213F2+zq4Nc1GCL+BhvpCs+ag@mail.gmail.com>
In-Reply-To: <TheMailAgent.14e49d1a@1026da73>
References:  <TheMailAgent.14e49d1a@1026da73>

On Monday, 11 April 2016, Alexander Klimov <alserkli@inbox.ru> wrote:

> I want to make sure that user can only communicate with predefined
> host:tcp-port and cannot send network packets to anywhere else
> (something like `--uid-owner' in iptables).
>
> Does any of the firewalls support this?
>
> --
> Regards,
> ASK
>

IPFW supports the keyword "uid" followed by either the username or user id.
Obviously this only works for packets destined for local sockets. See
http://man.freebsd.org/ipfw man page for more details.

Not sure if PF has a similar feature.

Regards,
Ben


--
From: Benjamin Woods
woodsb02@gmail.com
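
The ipfw "uid" keyword mentioned in the reply above, as an added example that is not part of the original message: a shell function that prints (and does not apply) a rule pair confining one local user to a single host:tcp-port. The function name, rule numbers and sample values are assumptions.

```sh
#!/bin/sh
# Added example: emit ipfw(8) commands that restrict one local user's
# outbound traffic to a single IPv4 host and TCP port. Nothing is applied
# here; review the output, then run it as root on the FreeBSD host.

# ipfw_user_rules USER IPV4 PORT [FIRST_RULE_NUMBER]   (hypothetical helper)
ipfw_user_rules() {
    user=$1 host=$2 port=$3 base=${4:-1000}

    # Accept only characters that cannot add extra words to the rule text.
    case $user in ''|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1;; esac
    case $host in ''|*[!0-9.]*) echo "bad IPv4 address: $host" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    case $base in ''|0*|*[!0-9]*) echo "bad rule number: $base" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ "$base" -le 65000 ] || { echo "bad rule number: $base" >&2; return 1; }

    # ipfw stops at the first matching rule, so the allow needs the lower number.
    echo "ipfw add $base allow tcp from me to $host $port out uid $user"

    # "uid" matches TCP and UDP packets only; this blocks the user's other
    # outbound TCP/UDP traffic, including DNS lookups.
    echo "ipfw add $((base + 10)) deny ip from any to any out uid $user"
}

# Constructed sample values: user "alice", documentation address 192.0.2.10.
ipfw_user_rules alice 192.0.2.10 443
```

Both rules are limited to `out`, so reply packets are handled by whatever the rest of the ruleset does with inbound traffic.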


