Author Topic: how to block by process userid with pf firewall ?  (Read 3044 times)

chunky
« on: July 23, 2018, 07:44:53 pm »
How do I block outbound access of services running on the firewall itself? With packet filter, I found that we can block a user with its UID or name, but I haven't found this option in the OPNsense firewall settings. For example, using this rule
Code:
block out on em0 proto tcp from me to any port 80 user myuser
should block a process running with UID myuser.

How can I do it on OPNsense?

franco
« Reply #1 on: July 24, 2018, 08:11:30 am »
It's not supported, because most of the firewall traffic will be "unknown" as it doesn't originate or terminate on the firewall itself.


Cheers,
Franco

chunky
« Reply #2 on: July 27, 2018, 06:33:44 pm »
Hi franco

There is a misunderstanding, I think. I would like to block internet access for some services I've added, not those running by default on OPNsense. For example, I've added tvheadend (and some other software) and I want them to access the LAN only, not the internet. For this, FreeBSD offers user filtering like Linux with iptables. Is there a possibility to block those users, even if it needs editing files?


Code:
ps aux
...
tvheadend 40387   0.0  1.1   92508 44344  -  Ss   12:42      0:18.03 /usr/local/bin/tvheadend -f -p /var/run/tvheadend.pid -c /usr/local/etc/tvheadend -l /var/log/
...
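The per-user rule discussed in this thread, extended to the LAN-only case, as an added example in plain pf.conf(5) syntax; it is not from the posters or the OPNsense project. The interface name, LAN subnet and the use of a hand-written pf ruleset are assumptions, and the thread states that OPNsense does not support this.

```conf
# Added example: restrict one local service account to LAN-only egress.
# Assumed values, adjust to the actual host:
lan_if  = "em1"              # assumed LAN-facing interface
lan_net = "192.168.1.0/24"   # assumed LAN subnet

# Assumption: loopback is not filtered, so the service can still reach
# local sockets (for example a resolver listening on 127.0.0.1).
set skip on lo0

# "user" matches the owner of the local socket and only works for TCP and
# UDP. Forwarded traffic has no local socket, so its user is "unknown" and
# these rules never match it; they affect only processes on this host.

# 1. Allow the tvheadend account to open connections to the LAN.
pass out quick on $lan_if proto { tcp, udp } from self to $lan_net user tvheadend

# 2. Drop and log every other TCP/UDP packet sent by that account,
#    whatever the interface or destination port.
block out log quick proto { tcp, udp } from self to any user tvheadend

# Non-TCP/UDP traffic (ICMP, for instance) cannot be matched by "user" and
# has to be handled by the rest of the ruleset.
```

Because both rules use `quick`, their order matters: the LAN `pass` must come before the catch-all `block` for the same user.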