Date: Sun, 2 Apr 2006 11:11:16 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: Niklaus <niklaus@gmail.com>
Cc: questions@freebsd.org
Subject: Re: disable listen on ports
Message-ID: <20060402111116.49509825.wmoran@collaborativefusion.com>
In-Reply-To: <85e0e3140604020746t19565d1doc61493b89ec87905@mail.gmail.com>
References: <85e0e3140604020746t19565d1doc61493b89ec87905@mail.gmail.com>

Niklaus <niklaus@gmail.com> wrote:

> Hi,
> How do I disable users on a system to run their own http proxy. I
> don't want to allow users who have login accounts on my system to
> listen to any port. How do I do that?

Put up a packet filter. With IPFW you could do:

    ipfw add reject tcp from any to me setup

They could then start all the listening daemons they wanted, but the
kernel would prevent any of them from ever getting a connection.

For UDP, something like this should work:

    ipfw add pass udp from me to any keep-state
    ipfw add reject udp from any to me

... which would allow connections to be initiated from the machine, but
not to the machine.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
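
Added example, not part of the original message: a simplified Python model of how the three ipfw rules above treat packets, evaluated first-match in the order given. The address ME, the peer host, the port numbers and the final "allow everything else" fallthrough are assumptions made for the illustration.

```python
from dataclasses import dataclass

ME = "192.0.2.10"  # constructed address standing in for ipfw's "me"

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags only

class Ruleset:
    """First-match model of the three rules; dynamic-rule expiry is not modelled."""
    def __init__(self):
        self.dynamic = set()        # flows recorded by keep-state

    def verdict(self, p):
        # reject tcp from any to me setup   (setup = SYN set, ACK clear)
        if p.proto == "tcp" and p.dst == ME and "SYN" in p.flags and "ACK" not in p.flags:
            return "reject"
        # pass udp from me to any keep-state
        # Reaching a keep-state rule first consults the dynamic table, in both directions.
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        if flow in self.dynamic or (p.proto, p.dst, p.dport, p.src, p.sport) in self.dynamic:
            return "pass"
        if p.proto == "udp" and p.src == ME:
            self.dynamic.add(flow)
            return "pass"
        # reject udp from any to me
        if p.proto == "udp" and p.dst == ME:
            return "reject"
        return "pass"               # assumption: later rules allow everything else

def demo():
    peer = "198.51.100.7"           # constructed remote host
    S, SA = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    packets = [                     # constructed sample traffic
        ("inbound SYN to a user's proxy", Packet("tcp", peer, 51000, ME, 8080, S)),
        ("outbound SYN",                  Packet("tcp", ME, 52000, peer, 80, S)),
        ("SYN+ACK reply to it",           Packet("tcp", peer, 80, ME, 52000, SA)),
        ("unsolicited inbound UDP",       Packet("udp", peer, 53, ME, 40000)),
        ("outbound UDP query",            Packet("udp", ME, 40000, peer, 53)),
        ("UDP reply to it",               Packet("udp", peer, 53, ME, 40000)),
        ("same peer, other local port",   Packet("udp", peer, 53, ME, 40001)),
    ]
    fw = Ruleset()
    return [(label, fw.verdict(p)) for label, p in packets]
```

The model shows why the TCP rule needs only `setup` while UDP needs the `keep-state` pair: a TCP reply carries ACK and so never matches rule one, whereas a UDP reply is told apart from unsolicited traffic only by the recorded flow.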