because it drops privs once initialization is done.
On 28.09.16 14:24, johnw wrote:
On 09/28/2016 07:05 PM, Janne Johansson wrote:
Apart from PF failing the syntax, what would one expect to achieve with
=0 ?
That would always cover all users, since it's never a negative number.
/usr/include/sys/types.h:typedef __uid_t uid_t; /* user id */
/usr/include/sys/_types.h:typedef __uint32_t __uid_t; /* user id */
No, PF does not fail the syntax; pfctl -f pf.conf gives no error and
pfctl can load the rule (it can be seen with pfctl -sr).
What I mean is: why does the rule below not let traceroute work?
pass out quick on $ext_if inet proto udp from ($ext_if) to any user 0
then run traceroute as root: traceroute google.com
traceroute to google.com (216.58.221.238), 64 hops max, 40 byte packets
traceroute: sendto: No route to host
1 traceroute: wrote google.com 40 chars, ret=-1
Thanks.