> From: [email protected]
> [mailto:[email protected]] On Behalf Of Darren Reed
> Sent: Monday, January 05, 2009 7:30 AM
> To: IP Filter
> Subject: IPFilter 5.0.5 - some new knobs...
>
> New features...and while I've got your attention, what
> features do you think ipfilter needs that it does not yet have?

Darren, one thing I have wanted--though I don't know how easy it is to
implement--is the ability to pass / block packets based on the user or
group the packet is to/from on the ipfilter host. That is, block
traffic from user joe going to a specific IP address, network or pool.
Or to say block all incoming traffic to ports not owned by root or
specified users or groups. The latter would allow me to only allow
traffic into listening daemons run by approved accounts, such as root,
httpd, ftp, etc. If a user tried to start such a process it would run,
but be inaccessible from outside the box, eliminating users opening
holes I don't want.

Just a thought.

--Dave