per-user firewall rules

Ben Woods woodsb02 at
Mon Apr 11 10:36:46 UTC 2016

On Monday, 11 April 2016, Alexander Klimov <alserkli at> wrote:

> I want to make sure that user can only communicate with predefined
> host:tcp-port and cannot send network packets to anywhere else
> (something like `--uid-owner' in iptables).
> Does any of the firewalls support this?
> --
> Regards,

IPFW supports the keyword "uid" followed by either the username or user id.
Obviously this only works for packets destined for local sockets. See the man page for more details.

Not sure if PF has a similar feature.



From: Benjamin Woods
woodsb02 at
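
The ipfw "uid" approach from the reply above, as an added example that is not part of the original post: a small sh script that validates its arguments and prints rules limiting one local user to one host:tcp-port. The user alice, the address 192.0.2.10, port 443 and the rule numbers starting at 1000 are assumed placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): print ipfw(8) rules that confine one
# local user to a single remote host:tcp-port. Rule numbers are assumptions;
# they must sort before any broader "allow" rule in the existing ruleset.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_num VALUE MAX: decimal, no leading zero, between 1 and MAX.
is_num() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le "$2" ]
}

# gen_user_rules USER HOST PORT [BASE]: validate, then print the commands.
gen_user_rules() {
    user=$1 host=$2 port=$3 base=${4:-1000}
    # Refuse anything that could smuggle extra words into the command line.
    case $user in ''|-*|*[!A-Za-z0-9._-]*) echo "bad user" >&2; return 1 ;; esac
    is_ipv4 "$host"      || { echo "bad host" >&2; return 1; }
    is_num "$port" 65535 || { echo "bad port" >&2; return 1; }
    is_num "$base" 65000 || { echo "bad rule number" >&2; return 1; }
    # Allow the one permitted flow in both directions, then deny the user's
    # remaining TCP and UDP traffic (uid matches TCP and UDP packets).
    cat <<EOF
ipfw -q add $base allow tcp from me to $host $port out uid $user
ipfw -q add $((base + 10)) allow tcp from $host $port to me in uid $user
ipfw -q add $((base + 20)) deny tcp from any to any uid $user
ipfw -q add $((base + 30)) deny udp from any to any uid $user
EOF
}

# Print the rules for review when called with arguments, e.g.
#   sh userfw.sh alice 192.0.2.10 443
[ $# -eq 0 ] || gen_user_rules "$@"
```

The deny rules also cut the user off from DNS and from loopback services, so the permitted host has to be given as an address. Review the printed commands before running them as root.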

More information about the freebsd-questions mailing list