Date: Sun, 4 Apr 1999 01:56:43 -0500 (EST)
From: Brian Feldman <green@unixhelp.org>
To: Kevin Day <toasty@home.dragondata.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: ipfw uid
Message-ID: <Pine.BSF.4.05.9904040150010.17120-100000@janus.syracuse.net>
In-Reply-To: <199904040617.AAA19930@home.dragondata.com>

On Sun, 4 Apr 1999, Kevin Day wrote:

> > Is anyone interested in trying out my addition of per-uid firewalling
> > capabilities to ipfw? I just did them today, but they seem to work fine.
> > For instance, logging/accounting purposes:
> >
> > {"/usr/src/sbin/ipfw"}# ipfw show
> > 00050 8157 2864127 count ip from any to any uid 1000 in
> > 00060 8952 1834453 count ip from any to any uid 1000 out
> >
> > Just let me know if you'd like it!
> >
>
> If I'm understanding this correctly, could this be used to prevent all but
> one or two users from using a certain IP? (Yes, I realize they could still
> try to bind to it, but it wouldn't do them any good).
>
> I was thinking about doing some kind of file per IP in /proc, that could be
> chmod'ed to allow/disallow users from doing things with, but this sounds
> much more elegant. :)

Certainly, that's one use for this! I must clarify that previously I had my
uid test in the wrong place in ip_fw.c, so now output looks more like:

{"/home/green"}# ipfw show
00040 2 100 count ip from any to any uid 1000 in
00050 3310 479624 count ip from any to any uid 1000 out

The only problem is that incoming packets aren't counted yet, as I haven't
figured out the best solution for that. I hope others have ideas so I don't
have to wrack my brain too much! The current code can be found at
http://janus.syracuse.net/~green/ipfw_uid.patch. Anyone who wants to help
with getting incoming packets working with uids, I welcome! Of course,
outgoing packet uid firewalling is much more useful in the first place, as
it can prevent access to whatever you specify, or track data sent, etc.

>
> Kevin
>

 Brian Feldman                   _ __ ___ ____  ___ ___ ___
 green@unixhelp.org                   _ __ ___ | _ ) __|   \
     FreeBSD: The Power to Serve!         _ __ | _ \__ \ |) |
         http://www.freebsd.org               _ |___/___/___/
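
Added example, not part of the original message or of the ipfw patch: a Python sketch that sums the per-uid `count` rules from `ipfw show` output in the format quoted above, and flags uids whose inbound counter is far below the outbound one, as in the second listing where incoming packets are not yet counted. The function names and the 1% ratio are assumptions made for illustration.

```python
import re
from collections import defaultdict

# `ipfw show` line: rule number, packet count, byte count, action, rule body.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
UID_RE = re.compile(r"\buid\s+(\d+)\b")
DIR_RE = re.compile(r"\b(in|out)\s*$")

# Second listing from the message above, including the shell prompt line.
SAMPLE = """\
{"/home/green"}# ipfw show
00040 2 100 count ip from any to any uid 1000 in
00050 3310 479624 count ip from any to any uid 1000 out
"""

def per_uid_totals(show_output):
    """Sum packets/bytes of uid-bound `count` rules per (uid, direction)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in show_output.splitlines():
        rule = RULE_RE.match(line.strip())
        if not rule or rule.group(4) != "count":
            continue  # prompt, blank line, or a non-accounting rule
        body = rule.group(5)
        uid = UID_RE.search(body)
        if not uid:
            continue  # rule is not tied to a uid
        direction = DIR_RE.search(body)
        key = (int(uid.group(1)), direction.group(1) if direction else "any")
        totals[key]["packets"] += int(rule.group(2))
        totals[key]["bytes"] += int(rule.group(3))
    return dict(totals)

def undercounted_inbound(totals, ratio=0.01):
    """Uids whose inbound packets fall below ratio * outbound (assumed heuristic)."""
    flagged = []
    for (uid, direction), counters in sorted(totals.items()):
        if direction != "out":
            continue
        inbound = totals.get((uid, "in"), {"packets": 0})["packets"]
        if inbound < ratio * counters["packets"]:
            flagged.append(uid)
    return flagged

if __name__ == "__main__":
    totals = per_uid_totals(SAMPLE)
    for (uid, direction), c in sorted(totals.items()):
        print(f"uid {uid} {direction}: {c['packets']} packets, {c['bytes']} bytes")
    print("inbound undercounted for uids:", undercounted_inbound(totals))
```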