Really simple spam trap - /dev/pf permissions?
John
john at starfire.mn.org
Tue Apr 27 20:09:03 UTC 2010
On Tue, Apr 27, 2010 at 08:46:41PM +0100, Vincent Hoffman wrote:
> On 27/04/2010 20:31, John wrote:
> > This seems to be working pretty well, and I'll eventually take the
> > print statement out, but I'm not sure why I had to make /dev/pf
> > public read/write in order to get the pfctl command to work.
> >
> > What is the best solution to be able to add to my spammers table
> > in pf without making it public read/write?
> >
> It would probably make more security sense to add the user that the
> script is running as to a group (say pfctl)
> then make the /dev/pf device group owned by the pfctl group and group
> writable.
> Other options include sudo access for your scripts user to run a
> specific pfctl command.
>
Oh, yeah, duh! Add mailnull to a pfctl group... That makes sense.
--
John Lind
john at starfire.MN.ORG
More information about the freebsd-questions
mailing list