From owner-freebsd-questions Sun Oct 7 16:19:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id B940E37B406
	for ; Sun, 7 Oct 2001 16:19:14 -0700 (PDT)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id RAA83078;
	Sun, 7 Oct 2001 17:19:11 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Sun, 7 Oct 2001 17:19:11 -0600 (CST)
From: Ryan Thompson
To: Abel Alejandro
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: bind restriction?
In-Reply-To: <000d01c14f7f$544eb610$0201a8c0@elec>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Abel Alejandro wrote to freebsd-questions@FreeBSD.ORG:

> Hello everybody, is there a way to restrict bind() to some IPs
> depending on the UID? So for example I could make user foo to
> use/bind() only the ip 1.2.3.4.

Hmm... I don't think you could do this at the syscall level without
some kernel hacking... But one thing you could do is use ipfw and
simply block everything for this user except 1.2.3.4:

    ipfw add allow ip from any to 1.2.3.4 uid 1000
    ipfw add allow ip from 1.2.3.4 to any uid 1000
    ipfw add deny ip from any to any uid 1000

This will still allow users to bind(), but they will not be permitted
to send and receive traffic on anything but 1.2.3.4 (AND localhost,
unless you put these before the localhost rule).

> Thanks.
> (cc me please, I am not on the list)
>
>

- Ryan

--
  Ryan Thompson
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

  Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW)   North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
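
Added example, not part of Ryan's message: a toy first-match evaluator (a model, not ipfw itself) showing why the position of the three uid rules relative to the loopback rule decides whether uid 1000 keeps localhost access. The rule numbers, the loopback rule at 100, the catch-all allow at 65000, the interface name fxp0 and the sample packets are all assumptions made up for the illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str                 # "allow" or "deny"
    src: str = "any"
    dst: str = "any"
    uid: Optional[int] = None   # None: rule carries no uid option
    via: Optional[str] = None   # None: any interface

class Packet(NamedTuple):
    src: str
    dst: str
    uid: int                    # owner of the local socket
    iface: str

def matches(rule, pkt):
    return (rule.src in ("any", pkt.src) and rule.dst in ("any", pkt.dst)
            and rule.uid in (None, pkt.uid) and rule.via in (None, pkt.iface))

def verdict(rules, pkt, default="deny"):
    """Return the action of the lowest-numbered rule that matches."""
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.action
    return default

def user_rules(base, uid=1000, ip="1.2.3.4"):
    """The three rules from the message, numbered starting at `base`."""
    return [Rule(base, "allow", dst=ip, uid=uid),
            Rule(base + 1, "allow", src=ip, uid=uid),
            Rule(base + 2, "deny", uid=uid)]

# Assumed surrounding ruleset: loopback allow at 100, catch-all allow at 65000.
LOOPBACK = Rule(100, "allow", via="lo0")
OPEN = Rule(65000, "allow")

# Constructed sample packets.
FROM_ALLOWED = Packet("1.2.3.4", "198.51.100.7", 1000, "fxp0")
FROM_OTHER = Packet("1.2.3.5", "198.51.100.7", 1000, "fxp0")
LOCALHOST = Packet("127.0.0.1", "127.0.0.1", 1000, "lo0")
OTHER_USER = Packet("1.2.3.5", "198.51.100.7", 1001, "fxp0")

if __name__ == "__main__":
    for base in (200, 50):      # uid rules after vs. before the loopback rule
        rules = [LOOPBACK, OPEN] + user_rules(base)
        for pkt in (FROM_ALLOWED, FROM_OTHER, LOCALHOST, OTHER_USER):
            print(base, pkt, verdict(rules, pkt))
```

With the uid rules numbered after the loopback rule, uid 1000 still reaches localhost; numbered before it, the deny rule catches that traffic too, while other users are unaffected either way.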