Jim Klimov
unread,Apr 22, 2012, 5:30:06 AM4/22/12You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Hello,
I was asked if it is possible for ipfilter in general
and on (Open)Solaris/illumos in particular to go beyond
filters based on packets' networking attributes, and
involve filtering based on (local) OS attributes - UID,
GID, PID/PNAME and so on, like Linux and Windows filters
do.
Sample rule and usecase might be: nobody can access HTTP
into the internet from this box except root and repo-sync
user.
Is it possible now or implementable "with little blood"? :)
Thanks,
//Jim