Am Mi, den 16.06.2004 schrieb maynard@xxxxxxxxxxxxxxxx um 16:23: > Is there any way that a user can tell iptables to allow a user to specify > additional ports to block other than the ones in the 'root' iptables > configuration. I do not know if there are security implications in this, but all > that iptables would have to do was to look for further disallows in the current > user's config directory, maybe under ~/.iptables/ > > If this is possible coud someone please tell me how to achieve it or something > similar. > > I am trying to run firestarter as a user level application, i.e,. without > needing the root password everytime I run it. > > Maynard That won't work and would be awful if a user could change kernel space settings. A normal user could disconnect the whole machine from the net if he would be allowed to set netfilter rules using iptables. It is root's task and only root's task to set such things. Why do you want to have a normal user be allowed to modify iptables settings? Are you just too lazy to run a "su -" to get a root login shell? Check "man sudo" if the sudo command is more comfortable for you. Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 Serendipity 16:28:22 up 1 day, 12:55, load average: 1.07, 1.28, 1.27
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
