From: "Eric J. Schwertfeger"
To: Evren Yurtesen
Cc: freebsd-questions@FreeBSD.ORG
Date: Sun, 13 Aug 2000 16:38:44 -0700 (PDT)
Subject: Re: allowing a user to bind a specific IP only?

On Sun, 13 Aug 2000, Evren Yurtesen wrote:

> Is it possible to allow a user's processes to be able
> to bind a specific IP only? (assuming the machine has multiple
> IP addresses)

I've never tried it, but it is at least theoretically possible to use ipfw to filter based on the owner of the local process, so you could reject any packets that the user sends or receives, unless they're to the one allowed IP address.

This isn't the exact mechanism you're looking for, so I don't know if it will solve the problem you're running into.

It would take two ipfw rules, the first being a skipto skipping past the second rule, matching if it is the allowed IP address, the second denying if it is the restricted user.
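
The skipto/deny pattern described in the reply above, as an added example that is not part of the original message: a small sh function that prints the ipfw commands without running them. The function name `restrict_user_rules`, the user `alice`, the address 192.0.2.10, the rule numbers and the choice of one skipto rule per direction are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not run) ipfw commands for the skipto/deny pattern.
# "alice", 192.0.2.10 and the rule numbers are constructed sample values.

restrict_user_rules() {
    user=$1 ip=$2 base=${3:-1000}

    # Accept only a plain user name, a decimal rule number and a dotted quad,
    # so no extra shell or ipfw tokens can reach the generated commands.
    case $user in ''|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1;; esac
    case $base in ''|0*|*[!0-9]*) echo "bad rule number: $base" >&2; return 1;; esac
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) echo "bad address: $ip" >&2; return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $ip" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || { echo "bad address: $ip" >&2; return 1; }
    done

    past=$((base + 30))   # first rule number after the deny
    # Rules 1 and 2: traffic from or to the allowed local address jumps past
    # the deny (one skipto per direction).
    echo "ipfw add $base skipto $past ip from $ip to any out"
    echo "ipfw add $((base + 10)) skipto $past ip from any to $ip in"
    # Rule 3: anything else owned by the user is dropped. ipfw's uid match
    # only applies to TCP and UDP sockets.
    echo "ipfw add $((base + 20)) deny ip from any to any uid $user"
}

# Show the rules for the sample values when run with no arguments.
restrict_user_rules "${1:-alice}" "${2:-192.0.2.10}" "${3:-1000}"
```

Because ipfw stops at the first matching rule, these numbers have to sit below any earlier allow rule that would already accept the user's traffic. The rules drop packets rather than making bind() fail, so a process can still bind another address and simply see no traffic on it.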