From owner-freebsd-security  Tue Aug 21 19:15:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from femail11.sdc1.sfba.home.com (femail11.sdc1.sfba.home.com [24.0.95.107])
	by hub.freebsd.org (Postfix) with ESMTP id D358F37B405
	for <freebsd-security@freebsd.org>; Tue, 21 Aug 2001 19:15:15 -0700 (PDT)
	(envelope-from maneo@icmp.dhs.org)
Received: from icmp.dhs.org ([64.59.160.69]) by femail11.sdc1.sfba.home.com
          (InterMail vM.4.01.03.20 201-229-121-120-20010223) with ESMTP
          id <20010822021515.JKZM26962.femail11.sdc1.sfba.home.com@icmp.dhs.org>;
          Tue, 21 Aug 2001 19:15:15 -0700
Date: Tue, 21 Aug 2001 21:15:30 -0500 (CDT)
From: "c.s. (maneo) peron" <maneo@icmp.dhs.org>
To: <freebsd-security@freebsd.org>
Cc: <cristjc@earthlink.net>
Subject: Re: inet socket restriction via group (fwd)
Message-ID: <20010821211357.B23012-100000@icmp.dhs.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tue, 21 Aug 2001, Crist J. Clark wrote:

> On Tue, Aug 21, 2001 at 06:47:09PM -0500, c.s. (maneo) peron wrote:
> >
> > True you could use ipfw, however i dont believe you can filter
> > a group when using ipf. (correct me if iam wrong)


Right; please note I acknowledged the fact that you could attain the
same results with ipfw.

& Please note that I was referencing IPF not to be confused with IPFW when
I said I was unsure of the group filtering.

I believe that was clear & self evident.

ipf != ipfw.

regards


>
> You are wrong. ipfw(8) says,
>
>              uid user
>                      Match all TCP or UDP packets sent by or received for a
>                      user.  A user may be matched by name or identification
>                      number.
>
>              gid group
>                      Match all TCP or UDP packets sent by or received for a
>                      group.  A group may be matched by name or identification
>                      number.
>
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message