From owner-freebsd-security  Tue Aug 21 22: 8: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98])
	by hub.freebsd.org (Postfix) with ESMTP id 5B3DD37B40D
	for <freebsd-security@FreeBSD.ORG>; Tue, 21 Aug 2001 22:07:28 -0700 (PDT)
	(envelope-from jdicioccio@epylon.com)
Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19)
	id <QBCNT0DL>; Tue, 21 Aug 2001 22:07:25 -0700
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF0EE@goofy.epylon.lan>
From: Jason DiCioccio <jdicioccio@epylon.com>
To: "'cjclark@alum.mit.edu'" <cjclark@alum.mit.edu>,
	"c.s. (maneo) peron" <maneo@icmp.dhs.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: inet socket restriction via group (fwd)
Date: Tue, 21 Aug 2001 22:07:23 -0700
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, but he said ipf, not ipfw.. Unless we just both have 2 different
understandings of what he's saying.  And could be mean groups for the
rules (in which case he'd be wrong)?

Cheers,
- -JD-

Jason DiCioccio
Unix BOFH

- -----Original Message-----
From: Crist J. Clark [mailto:cristjc@earthlink.net]
Sent: Tuesday, August 21, 2001 6:22 PM
To: c.s. (maneo) peron
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: inet socket restriction via group (fwd)


On Tue, Aug 21, 2001 at 06:47:09PM -0500, c.s. (maneo) peron wrote:
> 
> True you could use ipfw, however i dont believe you can filter
> a group when using ipf. (correct me if iam wrong)

You are wrong. ipfw(8) says,

             uid user
                     Match all TCP or UDP packets sent by or received
for a
                     user.  A user may be matched by name or
identification
                     number.

             gid group
                     Match all TCP or UDP packets sent by or received
for a
                     group.  A group may be matched by name or
identification
                     number.

- -- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO4M/H1CmU62pemyaEQJsRwCgi7hN4TqhHMjd0IzlCSuAv9N8MkUAmwSk
nFpjS1bahwxC2/+1WkogoP4/
=k/9L
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message