disable listen on ports
Bill Moran
wmoran at collaborativefusion.com
Sun Apr 2 15:11:19 UTC 2006
Niklaus <niklaus at gmail.com> wrote:
> Hi,
> How do i disable users on a system to run their own http proxy. I
> don't want to allow users who have login accounts on my system to
> listen to any port . How do i do that.
Put up a packet filter. With IPFW you could do:
ipfw add reject tcp from any to me setup
They could then start all the listening daemons they wanted, but the
kernel would prevent any of them from ever getting a connection. For
UDP, something like this should work:
ipfw add pass udp from me to any keep-state
ipfw add reject udp from any to me
... which would allow connections to be initiated from the machine, but
not to the machine.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the freebsd-questions
mailing list