Date:      Fri, 12 Oct 2001 14:30:31 +0200
From:      Alson van der Meulen <alm@flutnet.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: How to protect binding to interface ?
Message-ID:  <20011012143031.B21997@md2.mediadesign.nl>
In-Reply-To: <20011010214156.B27378@brained.org>
References:  <20011010214156.B27378@brained.org>

On Wed, Oct 10, 2001 at 09:41:56PM -0400, Simon Perkins wrote:
> Hi,
> 
> 	I am learning freeBSD and wanted to know if there is any means in
> 	freeBSD to prevent non-root users to bind to public interfaces or 
> 	maybe something which even makes the public network interfaces 
> 	invisible to them. Can anybody point me in right direction ?
try something like:
allow tcp from any to any in via fxp0 setup uid root
reset tcp from any to any in via fxp0 setup
(where fxp0 is your public interface)

in your firewall rules (ipfw). this is for tcp only, go figure yourself
how to do udp (might be difficult since there's no 'setup' keyword for
udp, maybe you can just deny them any udp traffic, the only normal udp
traffic I can think of is dns, but that can be circumvented by running a
local caching bind).

if you've any non-root network daemons running (e.g. bind as non-root
user), add separate allow rules for these (before the reset rule,
of course)

note: this is untested

AFAIK, there's no thing to deny them binding, you can only deny all
traffic to these sockets.
-- 
,-------------------------------------------.
> Name:           Alson van der Meulen      <
> Personal:        alson@flutnet.org        <
> School:       alson@gymnasiumleiden.nl    <
`-------------------------------------------'
Terminated??!
---------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message