  1. #1
    Join Date
    Aug 2006
    Location
    Los Angeles
    Posts
    166

    Restricting IPs from the Shell

    Hi - was hoping someone could help me with this...

    I'm running FreeBSD 6.1 and have about 10 IPs bound using /etc/rc.conf.

    I want to be able to add a new user account for someone to use - but restrict them to using only one IP address.

    So if they try to bind to the other 9 IPs on the box - it will fail.

    Is this kind of setup possible?

  2. #2
    Join Date
    Sep 2005
    Location
    Southern California
    Posts
    179
    You would want to be using IPFW for this. I suggest recompiling your kernel, however you can load it as a module using:

    Code:
    kldload ipfw

    WARNING - If you type that command, it will lock you out of your server. Either run it locally, or run something like kldload ipfw && ipfw add allow ip from any to any

    I'm not going to give you a tutorial on IPFW, but you can use the "uid x" suffix on your commands to form a rule such as:

    Code:
    ipfw add 1000 allow ip from 1.2.3.4 to any out xmit em0 uid yourusername

    And then at the end of the list, make it deny any rules that did not match.
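
The rule ordering described in post #2, written out as a complete set. This is an added example, not part of the thread: the function names, the rule numbers 1010 and 65000, and scoping the final deny to the same uid are assumptions. The script only prints the ipfw commands, it does not run them.

```shell
#!/bin/sh
# Added example: prints (does not run) an ipfw rule set that pins one account
# to one source address. Rule numbers 1010 and 65000 are constructed values.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rules for USER, ALLOWED_IP, IFACE; returns 1 on bad input.
user_ip_rules() {
    user=$1; ip=$2; iface=$3
    case "$user" in
        ""|*[!A-Za-z0-9_.-]*) echo "bad user name" >&2; return 1 ;;
    esac
    case "$iface" in
        ""|*[!A-Za-z0-9]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    # ipfw stops at the first matching rule, so the per-user rules need
    # lower numbers than any catch-all allow. The uid option matches TCP
    # and UDP packets only.
    echo "ipfw add 1000 allow ip from $ip to any out xmit $iface uid $user"
    echo "ipfw add 1010 deny ip from any to any out uid $user"
    # Lockout guard from the post, numbered so it is evaluated last.
    echo "ipfw add 65000 allow ip from any to any"
}

# Constructed sample values, same shape as the rule in the post.
user_ip_rules yourusername 1.2.3.4 em0
```

Review the printed rules before pasting them into a root shell, and run them from the console or with the catch-all allow already in place.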

  3. #3
    Join Date
    Aug 2006
    Location
    Los Angeles
    Posts
    166
    Thanks - I was thinking IPFW would be my only hope - I'm a big fan of pf and was hoping there would be some utility out there rather than a firewall.

    Guess not - thanks for your reply though!
