diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2002-06-08 23:49:36 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2002-06-08 23:49:36 +0000 |
| commit | 10a2cc008ba8d1799e6d4f9ee7f1be9c869f901d (patch) | |
| tree | 8c466d0f4bded23fff430f338869fb26ccec26f2 /libexec | |
| parent | 41161e4c0d4f2a92db9cca2743559bcc50ee3525 (diff) | |
add example using per-user pf rules to allow backchannel connections
to the proxy.
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/ftp-proxy/ftp-proxy.8 | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8 index 5b7e7f60943..109a56b40ea 100644 --- a/libexec/ftp-proxy/ftp-proxy.8 +++ b/libexec/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.17 2002/05/23 10:22:14 deraadt Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.18 2002/06/08 23:49:35 beck Exp $ .\" .\" Copyright (c) 1996-2001 .\" Obtuse Systems Corporation, All rights reserved. @@ -187,6 +187,14 @@ statefully (assuming xl1 is the external interface): block in on xl1 proto tcp all pass in on xl1 proto tcp from any to xl1 port > 49151 keep state .Ed +.Pp +Alternatively, rules make use of the fact that by default, +.Nm ftp-proxy +runs as user "proxy" to allow the backchannel connections, as in the following example: +.Bd -literal +block in on xl1 proto tcp all +pass in on xl1 proto tcp from any to xl1 user proxy keep state +.Ed .Sh SEE ALSO .Xr ftp 1 , .Xr hosts.allow 5 , |