Date: Mon, 1 Jan 2001 21:56:25 -0800 (PST) From: Luigi Rizzo <rizzo@aciri.org> To: anders@fix.no (Anders Nordby) Cc: billf@mu.org, freebsd-net@FreeBSD.ORG Subject: Re: ipfw uid rules and matching specific services for bandwidth limiting Message-ID: <200101020556.f025uPH69405@iguana.aciri.org> In-Reply-To: <20010102014330.A75512@totem.fix.no> from Anders Nordby at "Jan 2, 2001 1:43:30 am"
next in thread | previous in thread | raw e-mail | index | archive | help
the easy way could be (probably) force the ftp daemon run as some other user, or assign a second IP to the server and make sure that the ftpd binds to the second address. But in the end, one probably might also like to have a separate namespace where processes can [be forced to] register and whose values can be used as keys by the various resource allocators (dummynet is just an example, one might want to do the same thing with filesystem clients) cheers luigi > > FYI I am running 4.1.1-STABLE as of Tue Oct 24 01:25:55 CEST 2000, and top(1) > > shows all proftpd processes as being owned by root. > > If I filter on uid root, the rules will match the packets (I tried with > specific IPs + uid root): > > 00010 1539 2307193 count log ip from any to 192.168.0.34 uid root > 00011 881 35259 count log ip from 192.168.0.34 to any uid root > > But then again filtering on uid root is not what I want -- it will match > ssh sessions and other things as well. And then I'm back to start.. > > Regards, > > -- > Anders. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101020556.f025uPH69405>