Really simple spam trap - /dev/pf permissions?
Vincent Hoffman
vince at unsane.co.uk
Tue Apr 27 19:47:05 UTC 2010
On 27/04/2010 20:31, John wrote:
> This seems to be working pretty well, and I'll eventually take the
> print statement out, but I'm not sure why I had to make /dev/pf
> public read/write in order to get the pfctl command to work.
>
> What is the best solution to be able to add to my spammers table
> in pf without making it public read/write?
>
It would probably make more security sense to add the user that the
script is running as to a group (say pfctl)
then make the /dev/pf device group owned by the pfctl group and group
writable.
Other options include sudo access for your scripts user to run a
specific pfctl command.
Vince
More information about the freebsd-questions
mailing list