
#17 provide uid/gid filtering options

open
nobody
filtering (13)
5
2009-01-06
2009-01-06
Darren
No

Darren, one thing I have wanted--though I don't know how easy it is to implement--is the ability to pass / block packets based on the user or group the packet is to/from on the ipfilter host. That is, block traffic from user joe going to a specific IP address, network or pool.
Or to say block all incoming traffic to ports not owned by root or specified users or groups. The latter would allow me to only allow traffic into listening daemons run by approved accounts, such as root, httpd, ftp, etc. If a user tried to start such a process it would run, but be inaccessible from outside the box, eliminating users opening holes I don't want.

Just a thought.

--Dave
