To more finely control what binaries can send traffic through CSF, I wanted to suggest this if it doesn't already exist.
Something like:
# User 'user1' executing /usr/local/bin/php has access to send tcp out on ports 80 & 443
upxe : user1 : /usr/local/bin/php : tcp:80,443:out
# Group 'wheel' executing /usr/bin/dig has access to send tcp&udp/53 out
gpxe : wheel : /usr/bin/dig : 53:out
Does something like this already exist, or could this be implemented?
Feature Suggestion : pignore per user/group
Re: Feature Suggestion : pignore per user/group
iptables doesn't know anything about the application that connects through it, so this isn't possible. The closest you can get is to use the advanced port filtering using UIDs or GIDs.
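Added example, not part of the thread and not CSF's own code or configuration syntax: the UID/GID filtering mentioned in the reply, written as plain iptables owner-match rules for the two cases in the first post. The function name `owner_rules` and its argument layout are assumptions made for this illustration; it only prints the rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example (not CSF code): print iptables owner-match rules for review.
# Nothing is applied; run the printed lines yourself once checked.

# owner_rules KIND NAME PROTOS PORTS   (hypothetical helper)
#   KIND   u = match socket owner UID, g = match socket owner GID
#   NAME   user/group name or numeric id
#   PROTOS comma-separated list of tcp and/or udp
#   PORTS  comma-separated destination ports
# The binary path from the proposed syntax has no equivalent: the owner
# match sees the UID/GID of the socket, not the program that opened it.
owner_rules() (
    kind=$1 name=$2 protos=$3 ports=$4
    case $kind in
        u) flag=--uid-owner ;;
        g) flag=--gid-owner ;;
        *) echo "kind must be u or g" >&2; exit 1 ;;
    esac
    # Accept only plain names and port lists so the printed command line
    # cannot carry extra iptables arguments.
    case $name in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad name: $name" >&2; exit 1 ;;
    esac
    case $ports in
        ''|,*|*,|*,,*|*[!0-9,]*) echo "bad ports: $ports" >&2; exit 1 ;;
    esac
    set -f; IFS=,; set -- $protos; unset IFS   # split protocols on commas
    [ $# -gt 0 ] || { echo "no protocol given" >&2; exit 1; }
    for proto in "$@"; do
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; exit 1 ;;
        esac
    done
    for proto in "$@"; do
        echo "iptables -A OUTPUT -p $proto -m owner $flag $name" \
             "-m multiport --dports $ports -j ACCEPT"
    done
)

# The two cases from the post, with the binary path dropped.
owner_rules u user1 tcp 80,443
owner_rules g wheel tcp,udp 53
```

These ACCEPT rules only restrict anything when outbound traffic to those ports is not already allowed for every user. `--gid-owner` compares the socket's own GID, so a group such as wheel that users hold as a supplementary group is matched only where the owner match's `--suppl-groups` option is available.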