Date: Tue, 21 Aug 2001 22:07:23 -0700 From: Jason DiCioccio <jdicioccio@epylon.com> To: "'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>, "c.s. (maneo) peron" <maneo@icmp.dhs.org> Cc: freebsd-security@FreeBSD.ORG Subject: RE: inet socket restriction via group (fwd) Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF0EE@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yes, but he said ipf, not ipfw.. Unless we just both have 2 different
understandings of what he's saying. And could be mean groups for the
rules (in which case he'd be wrong)?
Cheers,
- -JD-
Jason DiCioccio
Unix BOFH
- -----Original Message-----
From: Crist J. Clark [mailto:cristjc@earthlink.net]
Sent: Tuesday, August 21, 2001 6:22 PM
To: c.s. (maneo) peron
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: inet socket restriction via group (fwd)
On Tue, Aug 21, 2001 at 06:47:09PM -0500, c.s. (maneo) peron wrote:
>
> True you could use ipfw, however i dont believe you can filter
> a group when using ipf. (correct me if iam wrong)
You are wrong. ipfw(8) says,
uid user
Match all TCP or UDP packets sent by or received
for a
user. A user may be matched by name or
identification
number.
gid group
Match all TCP or UDP packets sent by or received
for a
group. A group may be matched by name or
identification
number.
- --
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>;
iQA/AwUBO4M/H1CmU62pemyaEQJsRwCgi7hN4TqhHMjd0IzlCSuAv9N8MkUAmwSk
nFpjS1bahwxC2/+1WkogoP4/
=k/9L
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA02FFF0EE>