
Re: "user" directive broken in -current



e.g. the DNS resolution might not happen with the effective user id of
the user that opens the TCP connection using a symbolic host name, at
least depending on how resolution is set up (local name server might use
named user). ssh connections might cause various DNS lookups (forward,
reverse) and other TCP daemons might try ident lookups (not necessarily
with the uid of the same user), etc.
To test, I'd restrict the rule to TCP. Or add multiple rules for each
user/protocol, and use pfctl -vsr to check which are matched.
Daniel
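As an added illustration of the test Daniel suggests (this is a constructed pf.conf fragment, not from the original mail or from the pf project), the rules are split by user and protocol so the per-rule counters reveal which one each packet hits. It assumes "alice" is the interactive user, "_bind" is the account the local name server runs as, and em0 is the external interface.

```pf
# Constructed pf.conf fragment (assumptions: user "alice", resolver
# account "_bind", external interface em0). One rule per user and
# protocol so that "pfctl -vsr" shows separately which rule matched.
ext_if = "em0"

block out log on $ext_if all

# TCP connections opened by alice herself (e.g. ssh) carry her uid
pass out on $ext_if proto tcp from ($ext_if) to any user alice keep state

# DNS lookups done on her behalf by the local name server are UDP packets
# sent with the resolver's uid, not alice's; this is why a single
# "user alice" rule appears not to match when a host name is used.
pass out on $ext_if proto udp from ($ext_if) to any port 53 user _bind keep state

# Lookups that fall back to TCP also carry the resolver's uid
pass out on $ext_if proto tcp from ($ext_if) to any port 53 user _bind keep state
```

After loading with `pfctl -f /etc/pf.conf`, `pfctl -vsr` prints Evaluations/Packets/Bytes counters under each rule, so the rule that never matches stands out as the one whose counters stay at zero.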