View Single Post
  #2   (View Single Post)  
Old 13th May 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,422

PF can determine the user for a packet that originates or terminates on the system where PF is running. From pf.conf(5):
     user user
             This rule only applies to packets of sockets owned by the
             specified user.  For outgoing connections initiated from the
             firewall, this is the user that opened the connection.  For
             incoming connections to the firewall itself, this is the user
             that listens on the destination port.
Reply With Quote