[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "user" directive broken in -current



On Wed, May 12, 2004 at 09:08:11AM +0200, Jedi/Sector One wrote:
> On Tue, May 11, 2004 at 04:27:59PM -0600, jared r r spiegel wrote:
> >   if you 'block out inet proto {tcp udp} from any to 10.0.0.0/8 user john'
> >   does it work?
> 
>   Noppe, it still matches all the time.
>   It looks like it works for daemons but not for users logged through ssh?
  i just tested with may.10th snapshot ( #77 ) and it is as i mentioned before.
  using "block out from any to 216.239.41.99 user jrrs" to my pf.conf's bottom
  line nobody can communicate with (that) google (ip), via any protocol.
  changing it to "block out inet proto {tcp udp} from any to 216.239.41.99 user jrrs"
  and everyone can ping it, and telnet to it on port 80, except for jrrs.
  jared
   
-- 
[ openbsd 3.5 GENERIC ( may 10 ) // i386 ]