search for: portacl

Hi, folks. I am trying to implement reverse proxy using squid with mac_portacl, but i have problem while binding squid to port 80. Am i missed something? Here is my mac_portacl variables: # sysctl security.mac.portacl. security.mac.portacl.enabled: 1 security.mac.portacl.suser_exempt: 1 security.mac.portacl.autoport_exempt: 1 security.mac.portacl.port_high: 1023 security.m...

...ot-http service inside a jail with out public IP address. This patch gives another option, so one don't need to use firewall for this purpose. It adds new idtype - 'jid'. With this patch, one can configure that jail with the given JID can use only defined ports: # sysctl security.mac.portacl.rules="jid:1:tcp:80" Patch is here: http://people.freebsd.org/~pjd/patches/mac_portacl.c.patch Any objections? PS. With the above policy, processes from outside a jail can bind to port 80. We can change this behaviour to "allow port 80 to be used only inside a jail 1&quo...

Hello, I really like the idea behind mac_portacl but I find it difficult to use it because of one issue. When an unprivileged program binds to high automatic port with a call to bind(2) and port number set to 0 the system chooses the port to bind to itself. This mechanismus is used by number of programs, most commonly by ftp clients in active...

Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching