fine grained firewall?

Chuck Swiger cswiger at
Thu Feb 9 04:30:36 PST 2006

andrew clarke wrote:
> Is it possible to configure the FreeBSD firewall to block ports on a
> per-user or per-executable basis?
> eg.
> - Block /usr/local/bin/irc from connecting to TCP port 6667
> - Block user 'johnsmith' from connecting to TCP port 21

Yes to users (if the connections originate from the firewall box), no to
per-executables.  The latter seems useless when "cp irc myirc" is all it would
take to defeat it.  Frankly, neither option is very useful or would be needed
for a good ruleset...
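
The per-user case from the reply above, as an added example that is not part of the original post. It assumes ipfw(8) is the firewall in use; the rule numbers are constructed, and the user name and port come from the question.

```conf
# Constructed ipfw(8) ruleset fragment in the rules-file format
# (one rule per line, without the leading "ipfw" command).

# Packets belonging to connections already accepted below.
add 500 check-state

# Per-user match: "uid" compares against the owner of the local socket,
# so this only applies to connections opened on the firewall box itself.
# Traffic forwarded for other machines has no local socket and never
# matches, which is the restriction noted in the reply.
add 1000 deny tcp from me to any 21 out setup uid johnsmith

# Stateful allow for all other outbound TCP from this host. It comes
# after the deny so johnsmith's connection attempt to port 21 is
# rejected before any state is created for it.
add 2100 allow tcp from me to any out setup keep-state
```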


