Date: Tue, 27 Apr 2010 20:46:41 +0100 From: Vincent Hoffman <vince@unsane.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Really simple spam trap - /dev/pf permissions? Message-ID: <4BD73F21.1030504@unsane.co.uk> In-Reply-To: <20100427193106.GA91570@elwood.starfire.mn.org> References: <20100427193106.GA91570@elwood.starfire.mn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 27/04/2010 20:31, John wrote: > This seems to be working pretty well, and I'll eventually take the > print statement out, but I'm not sure why I had to make /dev/pf > public read/write in order to get the pfctl command to work. > > What is the best solution to be able to add to my spammers table > in pf without making it public read/write? > It would probably make more security sense to add the user that the script is running as to a group (say pfctl) then make the /dev/pf device group owned by the pfctl group and group writable. Other options include sudo access for your scripts user to run a specific pfctl command. Vince
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BD73F21.1030504>