disable listen on ports

Bill Moran wmoran at collaborativefusion.com
Sun Apr 2 15:11:19 UTC 2006

Niklaus <niklaus at gmail.com> wrote:

> Hi,
>  How do I disable users on a system to run their own http proxy. I
> don't want to allow users who have login accounts on my system to
> listen to any port. How do I do that?

Put up a packet filter.  With IPFW you could do:

ipfw add reject tcp from any to me setup

They could then start all the listening daemons they wanted, but the
kernel would prevent any of them from ever getting a connection.  For
UDP, something like this should work:

ipfw add pass udp from me to any keep-state
ipfw add reject udp from any to me

... which would allow connections to be initiated from the machine, but
not to the machine.

Bill Moran
Potential Technologies
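
An added example, not part of the original post: the reject rule above also refuses connections to services the administrator runs, so this sketch puts allow rules for a short port list ahead of the three rules from the post. The rule numbers, the port list, the ALLOWED_TCP_PORTS variable and the gen_rules helper are assumptions, and the rest of the ruleset is assumed to pass packets of established connections.

```sh
#!/bin/sh
# Added example (not from the original post). Prints the ipfw commands; review,
# then run them as root. Rule numbers and the port list are assumptions.

# gen_rules "22 443": allow inbound TCP setup only to the listed ports, then
# apply the reject/keep-state rules from the post. Fails on a bad port
# without printing a partial ruleset.
gen_rules() {
    for p in $1; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2; return 1
        fi
    done
    n=1000
    for p in $1; do
        n=$((n + 10))
        # Must come before the reject: ipfw stops at the first matching rule.
        echo "ipfw -q add $n allow tcp from any to me $p setup"
    done
    # From the post: refuse every other inbound TCP connection attempt.
    echo "ipfw -q add 2000 reject tcp from any to me setup"
    # From the post: outbound UDP creates state so replies get back in ...
    echo "ipfw -q add 2010 pass udp from me to any keep-state"
    # ... and unsolicited inbound UDP is refused.
    echo "ipfw -q add 2020 reject udp from any to me"
}

# Dry run: show the ruleset for a host whose only service is sshd (assumed).
gen_rules "${ALLOWED_TCP_PORTS:-22}"
```

Allowing a port at or above 1024 leaves it open to any local user who binds it while the intended service is not running, so keep the list to privileged ports where possible.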
