Date: Sun, 7 Oct 2001 17:19:11 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Abel Alejandro <elec@netpirate.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: bind restriction?
Message-ID: <Pine.BSF.4.21.0110071711001.72469-100000@ren.sasknow.com>
In-Reply-To: <000d01c14f7f$544eb610$0201a8c0@elec>

Abel Alejandro wrote to freebsd-questions@FreeBSD.ORG:

> Hello everybody, is there a way to restrict bind() to some IP's
> depending on the UID? So for example I could make user foo to
> use/bind() only the ip 1.2.3.4.

Hmm... I don't think you could do this at the syscall level without some
kernel hacking... But one thing you could do is use ipfw and simply block
everything for this user except 1.2.3.4

    ipfw add <number> allow ip from any to 1.2.3.4 uid 1000
    ipfw add <number> allow ip from 1.2.3.4 to any uid 1000
    ipfw add <number> deny ip from any to any uid 1000

This will still allow users to bind(), but they will not be permitted to
send and receive traffic on anything but 1.2.3.4 (AND localhost, unless
you put these before the localhost rule).

> Thanks. (cc me please, I am not on the list)
>
>

- Ryan

--
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
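
An added example, not part of the original message: a check that the three per-uid rules from the reply are present and in first-match order, and whether a loopback rule is evaluated before the deny (the localhost caveat above). The function name, the status words, the sample ruleset and the assumption that the listing prints rules in the form they were entered are all constructed for illustration.

```shell
#!/bin/sh
# audit_uid_rules UID IP   (hypothetical helper; reads an `ipfw list`-style
# listing on stdin, assumed to print rules in the form they were entered).
# Prints one status word:
#   MISSING      one of the two allow rules or the deny rule is absent
#   MISORDERED   the deny rule is numbered before an allow rule, so the
#                first-match evaluation blocks 1.2.3.4 traffic as well
#   OK_LOOPBACK  order is right, but a lo0 rule matches before the deny,
#                so this uid can still talk over localhost
#   OK_STRICT    order is right and no lo0 rule comes before the deny
audit_uid_rules() {
    awk -v uid="$1" -v ip="$2" '
        # Field 1 is the rule number; strip it to get the rule body.
        { num = $1 + 0; body = $0; sub(/^[0-9]+[ \t]+/, "", body) }
        body == "allow ip from any to " ip " uid " uid { a_in = num }
        body == "allow ip from " ip " to any uid " uid { a_out = num }
        body == "deny ip from any to any uid " uid { if (!deny) deny = num }
        body ~ /^allow .* via lo0$/               { if (!lo) lo = num }
        END {
            if (!a_in || !a_out || !deny)      { print "MISSING"; exit }
            if (deny < a_in || deny < a_out)   { print "MISORDERED"; exit }
            if (lo && lo < deny)               { print "OK_LOOPBACK"; exit }
            print "OK_STRICT"
        }'
}

# Constructed sample listing: loopback rule first, then the three rules
# from the reply with rule numbers chosen for this example.
SAMPLE_RULES='00100 allow ip from any to any via lo0
01000 allow ip from any to 1.2.3.4 uid 1000
01010 allow ip from 1.2.3.4 to any uid 1000
01020 deny ip from any to any uid 1000
65535 allow ip from any to any'

printf '%s\n' "$SAMPLE_RULES" | audit_uid_rules 1000 1.2.3.4
```

On a live host the listing would come from `ipfw list` piped into the function instead of the sample variable.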