OPNsense Forum

English Forums => General Discussion => Topic started by: Vharry on September 29, 2023, 08:52:25 AM

Title: Block services from backend without using "start/stop" commands
Post by: Vharry on September 29, 2023, 08:52:25 AM
Hi,

Is there any way to restrict a specific user from using a specific service (e.g. FreeRadius) from the backend? I created a PHP script with "start/stop"; it is a working command, but I am not sure if this is the right way to achieve the desired goal of preventing a user from using a specific service.

What are the possible ways to achieve this in the right way?
Title: Re: Block services from backend without using "start/stop" commands
Post by: bartjsmit on September 29, 2023, 09:23:12 AM
Does your script sever TCP connections? OPNsense is stateful, which allows established TCP sessions to pass without checking them against policy.

You may be quicker to restrict the user on the service itself, i.e. block them in the RADIUS layer. This will also have a more global effect on other services that use FreeRadius for SSO.

Bart...