Feature Suggestion : pignore per user/group

Posted: 16 Dec 2010, 19:44
by LazyScripter
To more finely control what binaries can send traffic through CSF, I wanted to suggest this if it doesn't already exist.

Something like:

# User 'user1' executing /usr/local/bin/php has access to send tcp out on ports 80 & 443
upxe : user1 : /usr/local/bin/php : tcp:80,443:out
# Group 'wheel' executing /usr/bin/dig has access to send tcp&udp/53 out
gpxe : wheel : /usr/bin/dig : 53:out

Does something like this already exist, or could this be implemented?

Re: Feature Suggestion : pignore per user/group

Posted: 29 Dec 2010, 16:11
by chirpy
iptables doesn't know anything about the application that connects through it, so this isn't possible. The closest you can get is to use the advanced port filtering using UID or GIDs.
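
Added example, not part of the original thread and not CSF's own code: the two rules proposed in the first post, reduced to what UID/GID filtering can express, written as plain iptables owner-match rules rather than CSF configuration syntax. The helper names `ipt`, `owner_rule` and `proposed_rules` and the `APPLY` variable are hypothetical.

```shell
#!/bin/sh
# Added example: per-owner egress rules, the nearest match to the proposal.
# Dry run by default (prints the commands); APPLY=1 as root loads them.

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# owner_rule KIND NAME PROTO PORTS
#   KIND  uid or gid; NAME user/group name or numeric id
#   PROTO tcp or udp; PORTS comma-separated destination ports
owner_rule() {
    kind=$1; name=$2; proto=$3; ports=$4
    case $kind in
        uid) opt=--uid-owner ;;
        gid) opt=--gid-owner ;;   # matches the process's GID, not supplementary groups
        *)   echo "owner_rule: KIND must be uid or gid" >&2; return 1 ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "owner_rule: PROTO must be tcp or udp" >&2; return 1 ;;
    esac
    case $ports in
        ''|*[!0-9,]*) echo "owner_rule: bad port list" >&2; return 1 ;;
    esac
    # The owner match is only valid for locally generated packets (OUTPUT chain).
    ipt -A OUTPUT -p "$proto" -m owner "$opt" "$name" \
        -m multiport --dports "$ports" -j ACCEPT
}

# The two proposals from the first post, minus the binary path, which
# netfilter cannot see: any program run as user1 gets 80/443 out.
proposed_rules() {
    owner_rule uid user1 tcp 80,443 &&
    owner_rule gid wheel tcp 53 &&
    owner_rule gid wheel udp 53
}

proposed_rules
# These rules only ACCEPT; they restrict anything only when other outbound
# traffic is dropped by a later rule or the chain policy.
```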