How do I block outbound access of services running on the firewall itself? With packet filter, I found that we can block a user with its UID or name, but I haven't found this option in the OPNsense firewall settings. For example, using this rule
block out on em0 proto tcp from me to any port 80 user myuser
should block processes running with UID myuser.
How can I do it on OPNsense?
It's not supported, because most of the firewall traffic will be "unknown" as it doesn't originate or terminate on the firewall itself.
Cheers,
Franco
Hi Franco,
There is a misunderstanding, I think. I would like to block internet access for some services I've added, not those running by default on OPNsense. For example, I've added tvheadend (and some other software) and I want them to access the LAN only, not the internet. For this, FreeBSD offers user filtering, like Linux with iptables. Is there a possibility to block those users, even if it needs editing files?
ps aux
...
tvheadend 40387 0.0 1.1 92508 44344 - Ss 12:42 0:18.03 /usr/local/bin/tvheadend -f -p /var/run/tvheadend.pid -c /usr/local/etc/tvheadend -l /var/log/
...