Date: Tue, 27 Apr 2010 15:09:01 -0500
From: John <john@starfire.mn.org>
To: Vincent Hoffman <vince@unsane.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: Really simple spam trap - /dev/pf permissions?
Message-ID: <20100427200901.GA92209@elwood.starfire.mn.org>
In-Reply-To: <4BD73F21.1030504@unsane.co.uk>
References: <20100427193106.GA91570@elwood.starfire.mn.org> <4BD73F21.1030504@unsane.co.uk>

On Tue, Apr 27, 2010 at 08:46:41PM +0100, Vincent Hoffman wrote:
> On 27/04/2010 20:31, John wrote:
> > This seems to be working pretty well, and I'll eventually take the
> > print statement out, but I'm not sure why I had to make /dev/pf
> > public read/write in order to get the pfctl command to work.
> >
> > What is the best solution to be able to add to my spammers table
> > in pf without making it public read/write?
> >
> It would probably make more security sense to add the user that the
> script is running as to a group (say pfctl)
> then make the /dev/pf device group owned by the pfctl group and group
> writable.
> Other options include sudo access for your script's user to run a
> specific pfctl command.
>

Oh, yeah, duh! Add mailnull to a pfctl group... That makes sense.
-- 
John Lind
john@starfire.MN.ORG
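
Added example, not part of the original thread: one way to carry out the group-based suggestion quoted above on FreeBSD and then verify that /dev/pf is no longer open to every local user. The group name `pfctl` and the user `mailnull` come from the thread; the function names and the use of `/etc/devfs.conf` to keep the setting across reboots are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes FreeBSD, a dedicated group
# "pfctl", and a spam-trap script running as "mailnull".
# Usage (as root):  sh pfgroup.sh apply   then   sh pfgroup.sh check
PF_GROUP=pfctl
PF_USER=mailnull

# Succeed only if NODE is group-owned by GROUP, group read/write,
# and has no permission bits at all for "other".
check_pf_node() {
    node=$1
    group=$2
    listing=$(ls -ld "$node") || return 1
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    grp=$(printf '%s\n' "$listing" | awk '{print $4}')
    if [ "$grp" != "$group" ]; then
        echo "$node: group is $grp, want $group"
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other triplets.
    case $(printf '%s' "$mode" | cut -c5-10) in
        rw?---) return 0 ;;
        *) echo "$node: mode $mode, want group rw and nothing for others"
           return 1 ;;
    esac
}

# Create the group, add the script's user, and restrict the device node.
apply_pf_group() {
    pw groupshow "$PF_GROUP" >/dev/null 2>&1 || pw groupadd "$PF_GROUP"
    pw groupmod "$PF_GROUP" -m "$PF_USER"
    # devfs.conf re-applies ownership and mode each time devfs is set up.
    grep -q '^own[[:space:]]*pf[[:space:]]' /etc/devfs.conf ||
        printf 'own\tpf\troot:%s\nperm\tpf\t0660\n' "$PF_GROUP" >> /etc/devfs.conf
    # Apply to the live node as well, so no reboot is needed.
    chown "root:$PF_GROUP" /dev/pf && chmod 0660 /dev/pf
}

case "${1:-}" in
    apply) apply_pf_group ;;
    check) check_pf_node /dev/pf "$PF_GROUP" ;;
esac
```

Group membership is read at login, so a daemon that runs as `mailnull` has to be restarted before it can open /dev/pf through the new group.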