Re: OpenBSD (Network) ACLs
On 4 Nov 2002, Hans Insulander wrote:
> Andi <andi@void.at> writes:
>
> > Hi,
> >
> > I'm a system administrator for an OpenBSD server. I have
> > approximately 25 users and I don't want that every user
> > can use bind()/connect() with/to any address/port. Therefore
> > I wrote a kernel patch to restrict bind()/connect() for users.
> > The communication is done via another pseudo device over ioctl.
> >
> > More Info:
> > http://void.at/~andi/openbsdacl/
> >
> > What do you think about it?
>
> I think you should take a look at systrace(1). It does this and much more,
> and it's included in OpenBSD 3.2.
PF can also allow/deny packets depending on the uid/gid of the socket.
Read pf.conf(5) for more info.
Cheers,
Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org
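
A pf.conf fragment showing the uid/gid matching mentioned in the reply above, as an added example that is not part of the original thread. The user names `www` and `alice` and the uid threshold are assumptions chosen for illustration.

```conf
# Constructed example ruleset; "www" and "alice" are placeholder accounts.
# user/group matching applies only to TCP and UDP, and only when this host
# is an endpoint of the connection (forwarded traffic has user "unknown").
# The IDs compared are the effective uid/gid of the socket owner.

# Default: no local user may open outbound TCP/UDP connections.
block out proto { tcp, udp } all

# Accounts with uid below 1000 (this includes root) and alice may connect out.
pass out proto { tcp, udp } all user { < 1000, alice } keep state

# Inbound: connections to port 80 are accepted only when the listening
# socket is owned by www, so another user's listener on that port gets no traffic.
block in proto tcp from any to any port 80
pass in proto tcp from any to any port 80 user www keep state
```

These rules filter the packets of a socket rather than the bind()/connect() calls themselves, so a user can still create the socket but its traffic is dropped.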