From owner-freebsd-security Tue Aug 21 19:15:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from femail11.sdc1.sfba.home.com (femail11.sdc1.sfba.home.com [24.0.95.107]) by hub.freebsd.org (Postfix) with ESMTP id D358F37B405 for ; Tue, 21 Aug 2001 19:15:15 -0700 (PDT) (envelope-from maneo@icmp.dhs.org) Received: from icmp.dhs.org ([64.59.160.69]) by femail11.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP id <20010822021515.JKZM26962.femail11.sdc1.sfba.home.com@icmp.dhs.org>; Tue, 21 Aug 2001 19:15:15 -0700 Date: Tue, 21 Aug 2001 21:15:30 -0500 (CDT) From: "c.s. (maneo) peron" To: Cc: Subject: Re: inet socket restriction via group (fwd) Message-ID: <20010821211357.B23012-100000@icmp.dhs.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 21 Aug 2001, Crist J. Clark wrote: > On Tue, Aug 21, 2001 at 06:47:09PM -0500, c.s. (maneo) peron wrote: > > > > True you could use ipfw, however i dont believe you can filter > > a group when using ipf. (correct me if iam wrong) Right; please note I acknowledged the fact that you could attain the same results with ipfw. & Please note that I was referencing IPF not to be confused with IPFW when I said I was unsure of the group filtering. I believe that was clear & self evident. ipf != ipfw. regards > > You are wrong. ipfw(8) says, > > uid user > Match all TCP or UDP packets sent by or received for a > user. A user may be matched by name or identification > number. > > gid group > Match all TCP or UDP packets sent by or received for a > group. A group may be matched by name or identification > number. > > -- > Crist J. Clark cjclark@alum.mit.edu > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message