.\" -*-nroff-*-
.\"
-.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $
+.\" $Id: fw.1,v 1.17 2003/11/29 20:36:07 mdw Exp $
.\"
.\" Manual page for fw
.\"
.\" ---- Revision history ---------------------------------------------------
.\"
.\" $Log: fw.1,v $
+.\" Revision 1.17 2003/11/29 20:36:07 mdw
+.\" Privileged outgoing connections.
+.\"
.\" Revision 1.16 2003/11/25 14:46:50 mdw
.\" Update docco for new options.
.\"
convenient. This option is useful if the destination is doing
host-based access control and your server is multi-homed.
.OE
+.OS "Socket options"
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
+.OD
+Make a privileged connection (i.e., from a low-numbered port) to the
+target. This only works if
+.B fw
+was started with root privileges. However, it still works if
+.B fw
+has
+.I dropped
+privileges after initialization (the
+.B \-s
+option). Before dropping privileges,
+.B fw
+forks off a separate process which continues to run with root
+privileges, and on demand passes sockets bound to privileged ports and
+connected to the appropriate peer back to the main program. The
+privileged child only passes back sockets connected to peer addresses
+named in the configuration; even if the
+.B fw
+process is compromised, it can't make privileged connections to other
+addresses. Note that because of this privilege separation, it's also
+not possible to reconfigure
+.B fw
+to make privileged connections to different peer addresses later. by
+changing configuration files and sending the daemon a
+.BR SIGHUP .
+.OE
.PP
The access control rules are examined in the order: local entries first,
then global ones, each in the order given in the configuration file.
.RB [ = ]
.BR any | \c
.I addr
+.br
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
.PP
.BR socket.unix.fattr. *
.
~mdw / fwd / blobdiff