Hello, I was asked if it is possible for ipfilter in general and on (Open)Solaris/illumos in particular to go beyond filters based on packets' networking attributes, and involve filtering based on (local) OS attributes - UID, GID, PID/PNAME and so on, like Linux and Windows filters do.
Sample rule and usecase might be: nobody can access HTTP into the internet from this box except root and repo-sync user. Is it possible now or implementable "with little blood"? :) Thanks, //Jim
