From owner-freebsd-security  Tue Jun 20 18:30:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2B41B37BCAC; Tue, 20 Jun 2000 18:30:09 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id SAA54105;
	Tue, 20 Jun 2000 18:30:09 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Tue, 20 Jun 2000 18:30:08 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: James Howard <howardjp@wam.umd.edu>
Cc: "Ilmar S. Habibulin" <ilmar@ints.ru>,
	freebsd-security@freebsd.org
Subject: Re: Network ACLs 
In-Reply-To: <200006210104.VAA07282@rac6.wam.umd.edu>
Message-ID: <Pine.BSF.4.21.0006201829540.53814-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 20 Jun 2000, James Howard wrote:

> I want to be able to create a group called "inet" and anyone who is a
> member of that group may open connections.  However, they may not
> listen.  Root can do anything he/she wants.  Nobody else can do anything.

ipfw can filter based on uid and gid

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message