From owner-freebsd-questions@FreeBSD.ORG Fri Oct 17 02:10:13 2008
Message-ID: <48F7F3FD.5090209@muliahost.com>
Date: Fri, 17 Oct 2008 09:10:05 +0700
From: Kalpin Erlangga Silaen
To: freebsd-questions@freebsd.org
Subject: IPFW UID match questions

Dear all,

I tried to implement IPFW rules like below on my shell server:

    /sbin/ipfw -q add 18600 allow tcp from any to personal_ip in
    /sbin/ipfw -q add 18650 allow tcp from personal_ip to any out uid kalpin
    /sbin/ipfw -q add 18660 allow tcp from personal_ip to any out uid root
    /sbin/ipfw -q add 18670 allow tcp from personal_ip to any out uid nobody
    /sbin/ipfw -q add 18700 deny tcp from personal_ip to any out

I hope with these rules, only user kalpin could use the vhost personal_ip. Below is a brief description:

    line 1 will allow all tcp incoming packets into personal_ip
    line 2 will allow tcp outgoing packets from personal_ip to anywhere if they match uid kalpin
    line 3 same as line 2 if they match uid root (to respond to identd requests from the IRC network if identd runs as root)
    line 4 same as line 3 if they match uid nobody (to respond to identd requests from the IRC network if identd runs as, or falls into, nobody)
    line 5 will deny all tcp outgoing packets

But the IRC network still could not get an ident response from my server. If I removed line 5, then the IRC network gets an identd response.

My identd process is:

    root 63932 0.0 0.1 3136 1028 ?? Ss 1:46AM 0:00.03 /usr/local/sbin/oidentd -C /usr/local/etc/oidentd.conf

Is there anything else that should be done to fix this problem?

Thank you

Kalpin Erlangga Silaen
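To see how ipfw's first-match evaluation treats the five rules quoted above, here is an added example (mine, not code from the poster or from FreeBSD) that parses those rule lines and evaluates constructed packets against them. It keeps `personal_ip` as the placeholder the message uses, and a packet whose `uid` is `None` stands for one the firewall cannot attribute to any local socket owner, which is the case a `uid` option can never match.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The poster's rule set, copied verbatim from the message above.
RULES_TEXT = """
/sbin/ipfw -q add 18600 allow tcp from any to personal_ip in
/sbin/ipfw -q add 18650 allow tcp from personal_ip to any out uid kalpin
/sbin/ipfw -q add 18660 allow tcp from personal_ip to any out uid root
/sbin/ipfw -q add 18670 allow tcp from personal_ip to any out uid nobody
/sbin/ipfw -q add 18700 deny tcp from personal_ip to any out
"""

# Only the subset of ipfw syntax used in the message is parsed here.
RULE_RE = re.compile(
    r"ipfw -q add (?P<num>\d+) (?P<action>allow|deny) tcp from (?P<src>\S+) "
    r"to (?P<dst>\S+) (?P<dir>in|out)(?: uid (?P<uid>\S+))?$"
)

@dataclass
class Packet:
    src: str
    dst: str
    direction: str       # "in" or "out"
    uid: Optional[str]   # socket owner; None when no local socket owner is known

def parse_rules(text=RULES_TEXT):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.search(line)
        if not m:
            raise ValueError(f"unparsed rule: {line}")
        rules.append(m.groupdict())
    return rules

def matches(rule, pkt):
    if rule["dir"] != pkt.direction:
        return False
    if rule["src"] != "any" and rule["src"] != pkt.src:
        return False
    if rule["dst"] != "any" and rule["dst"] != pkt.dst:
        return False
    # A uid option matches only packets attributed to exactly that user.
    return rule["uid"] is None or pkt.uid == rule["uid"]

def evaluate(pkt, rules=None):
    """First match wins: return (rule number, action), or (None, 'no-match')
    when none of these five rules applies and later rules on the box decide."""
    for rule in rules or parse_rules():
        if matches(rule, pkt):
            return int(rule["num"]), rule["action"]
    return None, "no-match"
```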