disable listen on ports
micatod at koproject.org
Sun Apr 2 19:41:15 UTC 2006
Erik Nørgaard wrote:
> Niklaus wrote:
>> How do I disable users on a system to run their own http proxy. I
>> don't want to allow users who have login accounts on my system to
>> listen to any port. How do I do that?
> Putting up a packet filter as some suggest may break other things.
> Instead, you can take a look at MAC, Mandatory Access Controls. There
> is a module mac_portacl(4) that can control this.
> You need to compile your kernel with options MAC and then add
> mac_portacl_load="YES" to loader.conf
> But don't ask me how it works, haven't used it.
> Cheers, Erik
I think you're able to use this sample for doing what you want:
# Allow out FreeBSD (make install & CVSUP) functions
# Basically give user root "GOD" privileges.
$cmd 070 $skip tcp from me to any out via $pif setup keep-state uid root
I found it in the ipfw explain page: