Date: Thu, 09 Feb 2006 07:30:17 -0500
From: Chuck Swiger <cswiger@mac.com>
To: andrew clarke <mail@ozzmosis.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: fine grained firewall?
Message-ID: <43EB35D9.8040409@mac.com>
In-Reply-To: <20060209084833.GA26877@ozzmosis.com>
References: <20060209084833.GA26877@ozzmosis.com>

andrew clarke wrote:
> Is it possible to configure the FreeBSD firewall to block ports on a
> per-user or per-executable basis?
>
> eg.
>
> - Block /usr/local/bin/irc from connecting to TCP port 6667
>
> - Block user 'johnsmith' from connecting to TCP port 21

Yes to users (if the connections originate from the firewall box), no to
per-executables. The latter seems useless when "cp irc myirc" is all it would
take to defeat it. Frankly, neither option is very useful or would be needed
for a good ruleset...

-- 
-Chuck