Date: Mon, 1 Jan 2001 17:24:09 -0600
From: Bill Fumerola
To: Anders Nordby
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw uid rules and matching specific services for bandwidth limiting

On Mon, Jan 01, 2001 at 09:08:26PM +0100, Anders Nordby wrote:

> Are people actually using uid type rules heavily? I'm having trouble matching
> the packets generated by programs like Apache and ProFTPD. I believe that may
> be because of root binding the ports these programs use before they setuid() or
> something, I'm not sure. Particularly I have trouble matching the packets of
> active FTP, since I have random ports on both ends to deal with and can't match
> them by port either. Does anyone have a solution to this?

sockstat is your friend, look at the 'user' that is defined per program,
that's who is going to be charged for packets on that socket.

--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org