OPNsense Forum

English Forums => General Discussion => Topic started by: chunky on July 23, 2018, 07:44:53 pm

Title: how to block by process userid with pf firewall ?
Post by: chunky on July 23, 2018, 07:44:53 pm
How do I block outbound access of services running on the firewall itself? With packet filter, I found that we can block a user with its UID or name, but I haven't found this option in the OPNsense firewall settings. For example, using this rule
Code:
# pf uses the keyword "self" for the firewall's own addresses ("me" is ipfw syntax)
block out on em0 proto tcp from self to any port 80 user myuser
should block processes running with uid myuser.

How can I do it on OPNsense?
Title: Re: how to block by process userid with pf firewall ?
Post by: franco on July 24, 2018, 08:11:30 am
It's not supported, because most of the firewall traffic will be "unknown" as it doesn't originate or terminate on the firewall itself.


Cheers,
Franco
Title: Re: how to block by process userid with pf firewall ?
Post by: chunky on July 27, 2018, 06:33:44 pm
Hi Franco,

There is a misunderstanding, I think. I would like to block internet access for some services I've added, not those running by default on OPNsense. For example, I've added tvheadend (and some other software) and I want them to access the LAN only, not the internet. For this, FreeBSD offers user filtering, like Linux does with iptables. Is there a possibility to block those users, even if it needs editing files?


Code:
ps aux
...
tvheadend 40387   0.0  1.1   92508 44344  -  Ss   12:42      0:18.03 /usr/local/bin/tvheadend -f -p /var/run/tvheadend.pid -c /usr/local/etc/tvheadend -l /var/log/
...
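As an added illustration (not from the thread or from the OPNsense project), this pf fragment expresses what the poster asked for: the tvheadend user from the ps output may reach the LAN but nothing else. The LAN interface name em1 and the LAN network 192.168.1.0/24 are assumed placeholders.

```pf
# Assumed placeholders, not taken from the thread:
lan_if  = "em1"            # interface facing the LAN
lan_net = "192.168.1.0/24" # LAN network behind that interface

# pf's "user" option only applies to TCP and UDP sockets owned by a process
# on the firewall itself; forwarded packets carry no user and never match.
# "self" expands to every address assigned to the firewall's interfaces.

# 1. Allow sockets owned by the tvheadend user to reach LAN hosts.
pass out quick on $lan_if proto { tcp, udp } from self to $lan_net user tvheadend keep state

# 2. Drop (and log) anything else the tvheadend user tries to send, on any interface.
block out quick log proto { tcp, udp } from self to any user tvheadend

# Other users and forwarded traffic are unaffected by these two rules.
```

OPNsense generates its own pf ruleset, so a hand-edited pf.conf does not persist across reloads; the fragment shows the pf syntax, and how to carry it into OPNsense is not something this thread covers.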