fine grained firewall?
Chuck Swiger
cswiger at mac.com
Thu Feb 9 04:30:36 PST 2006
andrew clarke wrote:
> Is it possible to configure the FreeBSD firewall to block ports on a
> per-user or per-executable basis?
>
> eg.
>
> - Block /usr/local/bin/irc from connecting to TCP port 6667
>
> - Block user 'johnsmith' from connecting to TCP port 21
Yes to users (if the connections originate from the firewall box), no to
per-executables. The latter seems useless when "cp irc myirc" is all it would
take to defeat it. Frankly, neither option is very useful or would be needed
for a good ruleset...
--
-Chuck
More information about the freebsd-questions
mailing list