From owner-freebsd-ipfw@FreeBSD.ORG Wed May 7 08:17:09 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED30B37B404 for ; Wed, 7 May 2003 08:17:09 -0700 (PDT) Received: from mail.alberti-datentechnik.de (mail.alberti-datentechnik.de [62.146.91.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D5B643F75 for ; Wed, 7 May 2003 08:17:08 -0700 (PDT) (envelope-from nowhere@phobgate.de) Received: from df20451cdd5c43f (localhost [127.0.0.1])h46KWFX25911; Tue, 6 May 2003 22:32:15 +0200 From: alex To: Daniela , ipfw@FreeBSD.org Message-ID: <130328252.957652342@[192.168.2.94]> In-Reply-To: <200305062208.06242.dgw@liwest.at> References: <200305062208.06242.dgw@liwest.at> X-Mailer: Mulberry/2.2.1 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Re: Allow all traffic for a specific process X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: alex List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Wed, 07 May 2003 15:17:10 -0000 X-Original-Date: Sat, 06 May 2000 22:32:22 +0200 X-List-Received-Date: Wed, 07 May 2003 15:17:10 -0000 run process under own user and/or group id, then use ipfw rule with uid and/or gid option ipfw manual says: uid user Match all TCP or UDP packets sent by or received for a user. A user may be matched by name or identification number. gid group Match all TCP or UDP packets sent by or received for a group. A group may be matched by name or identification number. i've used this options for shell accounts to share bandwith between users --On Dienstag, 6. Mai 2003 22:08 +0000 Daniela wrote: > Hi all! > > Does IPFW have a feature to pass all traffic destined for ports a > specific process has opened? > The process opens many rapidly changing dynamic ports, UDP and TCP, so > the keep-state rules are useless most of the time. > > If this is not possible, would it be easy to implement? > I'm still a newbie, but if it's not too hard, I think I can do it. > > Regards, > Daniela > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"