I'm not saying to alter pledge necessarily, maybe make a new system call like pledge. There aren't any per-process pf rules that are applied. When a socket connects to a remote or local server and pf makes a state, it has the originating randomized port. Pf rules can be made that target those randomized port numbers, but maybe there could be a more elegant way like intervening in connect() and bind() calls.

> you can have rules to filter by user for both incoming and outgoing connections, see http://man.openbsd.org/OpenBSD-6.1/pf.conf.5#user
> I don't think there's too much gain in adding support for this kinda thing in pledge but that's for the devs to decide.