per-user firewall rules
Ben Woods
woodsb02 at gmail.com
Mon Apr 11 10:36:46 UTC 2016
On Monday, 11 April 2016, Alexander Klimov <alserkli at inbox.ru> wrote:
> I want to make sure that user can only communicate with predefined
> host:tcp-port and cannot send network packets to anywhere else
> (something like `--uid-owner' in iptables).
>
> Does any of the firewalls support this?
>
> --
> Regards,
> ASK
>
IPFW supports the keyword "uid" followed by either the username or user id.
Obviously this only works for packets destined for local sockets. See
http://man.freebsd.org/ipfw man page for more details.
Not sure if PF has a similar feature.
Regards,
Ben
--
From: Benjamin Woods
woodsb02 at gmail.com
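
The IPFW "uid" keyword from the reply above, as an added example that is not part of the original message: a dry-run generator for rules that confine one local user to a single host:tcp-port. The function name, rule numbers, user name and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print ipfw rules that confine one
# local user to a single host:tcp-port. The output is a dry run; review it,
# then pipe it to sh as root. All sample values are constructed.

# user_egress_rules USER HOST PORT [BASE_RULE_NUMBER]   (hypothetical helper)
user_egress_rules() {
    user=$1 host=$2 port=$3 base=${4:-1000}

    # Refuse values that could smuggle extra ipfw options or shell syntax.
    # HOST must be a numeric IPv4/IPv6 address, not a hostname.
    case $user in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1 ;; esac
    case $host in ''|*[!0-9A-Fa-f.:]*) echo "bad host: $host" >&2; return 1 ;; esac
    case $port in ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    case $base in ''|0*|*[!0-9]*|??????*) echo "bad rule number: $base" >&2; return 1 ;; esac
    if [ "$port" -gt 65535 ] || [ "$base" -gt 65500 ]; then
        echo "port or rule number out of range" >&2; return 1
    fi

    # 1. The user's outbound TCP to the single permitted destination.
    echo "ipfw -q add $base allow tcp from me to $host $port out uid $user"
    # 2. Replies from that destination delivered to the user's socket.
    echo "ipfw -q add $((base + 10)) allow tcp from $host $port to me in uid $user"
    # 3. Everything else owned by the user. ipfw's uid option matches only
    #    TCP and UDP packets, so both protocols are denied explicitly. This
    #    also drops the user's DNS queries and loopback traffic unless an
    #    earlier rule in the ruleset passes them.
    echo "ipfw -q add $((base + 20)) deny tcp from any to any uid $user"
    echo "ipfw -q add $((base + 30)) deny udp from any to any uid $user"
}

# Constructed sample: user "alice" may only reach 192.0.2.10 on TCP port 443.
user_egress_rules alice 192.0.2.10 443
```

The rule numbers must sort before any broader allow rule in the existing ruleset, because ipfw stops at the first matching allow or deny.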