From: "Andrew Gould"
To: "Yury Michurin"
Date: Fri, 19 Sep 2008 08:47:55 -0500
Cc: freebsd-questions@freebsd.org
Subject: Re: ipf filter by user/group

On Fri, Sep 19, 2008 at 8:04 AM, Yury Michurin wrote:

> Sorry for the mistake, I meant pf, the OpenBSD's packet filter.
>
> On Fri, Sep 19, 2008 at 2:39 PM, Yury Michurin wrote:
>
> > Hello,
> > I'm quite new to ipf. Is there an option of filtering packets by
> > user/group?
> >
> > What I want to accomplish is:
> > 1. Block users from group 'users' from making outbound connections
> > 2. Count traffic for users: alpha, beta, gamma
> >
> > If I can't accomplish that with ipf, what other firewall do you suggest?
> >
> >
> > Thank you for your time,
> > Yury.

Check out authpf, which is part of pf:

http://www.openbsd.org/faq/pf/authpf.html

Users have to log in as an authpf user via ssh. Once the authpf user is logged in, pf does its filtering based upon the authpf user's IP address. You can create a ruleset for each authpf user. authpf users without their own ruleset use a default ruleset.

I hope this helps.

Andrew
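
The layout the reply describes, sketched as an added example that is not part of the original message or of the authpf documentation. The interface name `em0`, the permitted ports and the user name `alpha` are assumptions; the file paths and the `$user_ip` macro follow authpf(8), and the accounts are assumed to have `/usr/sbin/authpf` as their login shell.

```conf
# ---- /etc/pf.conf (main ruleset) ----
int_if = "em0"                  # assumption: interface facing the users

# Hosts that have not authenticated get nothing except ssh to this box,
# which is how they reach authpf in the first place.
block in on $int_if all
pass in on $int_if proto tcp from any to ($int_if) port ssh keep state

# authpf attaches each session's rules in its own sub-anchor here and
# removes them again when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.conf ----
# May be empty, but must exist or authpf exits right after login.

# ---- /etc/authpf/authpf.rules ----
# Default ruleset, used by any authpf user without a per-user file.
# $user_ip is set by authpf to the address the ssh login came from.
# Macros from pf.conf are not visible here, so the interface is literal.
pass in quick on em0 proto tcp from $user_ip to any port { 80 443 } keep state

# ---- /etc/authpf/users/alpha/authpf.rules ----
# Per-user ruleset: loaded instead of the default when "alpha" logs in.
# The label gives this rule's packet and byte counters a stable name
# (assumption: one labelled rule per user is enough for accounting).
pass in quick on em0 from $user_ip to any keep state label "alpha"
```

Because the rules key on `$user_ip`, every process and every person behind that source address is treated as the authenticated user for as long as the ssh session stays open.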