From: Kevin Day
Message-Id: <199904040617.AAA19930@home.dragondata.com>
Subject: Re: ipfw uid
In-Reply-To: from Brian Feldman at "Apr 3, 1999 10: 8:49 pm"
To: green@unixhelp.org (Brian Feldman)
Date: Sun, 4 Apr 1999 00:17:48 -0600 (CST)
Cc: hackers@FreeBSD.ORG

> Is anyone interested in trying out my addition of per-uid firewalling
> capabilities to ipfw? I just did them today, but they seem to work fine.
> For instance, logging/accounting purposes:
>
> {"/usr/src/sbin/ipfw"}# ipfw show
> 00050 8157 2864127 count ip from any to any uid 1000 in
> 00060 8952 1834453 count ip from any to any uid 1000 out
>
> Just let me know if you'd like it!
>

If I'm understanding this correctly, could this be used to prevent all but one or two users from using a certain IP? (Yes, I realize they could still try to bind to it, but it wouldn't do them any good).

I was thinking about doing some kind of file per IP in /proc, that could be chmod'ed to allow/disallow users from doing things with, but this sounds much more elegant. :)

Kevin