Date: Wed, 14 Jun 2000 13:11:22 -0400 From: Chip Marshall <chip@setzer.chocobo.cx> To: James Howard <howardjp@wam.umd.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Limiting Internet Access Message-ID: <20000614131122.A32913@setzer.chocobo.cx> In-Reply-To: <200006141703.NAA02365@rac4.wam.umd.edu>; from howardjp@wam.umd.edu on Wed, Jun 14, 2000 at 01:03:00PM -0400 References: <20000614125423.A32693@setzer.chocobo.cx> <200006141703.NAA02365@rac4.wam.umd.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On June 14, 2000, James Howard sent me the following: > > I think the easiest way to do that would be to setup IPFW to deny > > outboard traffic from certain groups, ie: > > > > deny ip from any to any gid nonpay > > > > where nonpay is the name of the group for people who don't pay for > > Internet access. I know that this does not affect people logging in to > > a system remotely via SSH, but I'm not sure how it affects remote > > access via rsh or telnet. > > IPFW seems a bit extreme, I am looking for something more like ACLs not > network connectivity. Is that was IPFW does? IPFW can be used with it's gid and uid qualifiers to setup lists of users and groups which can access various network services. I'm not sure of the context of your use of ACL. -- Chip Marshall <chip@chocobo.cx> http://www.chocobo.cx/chip/ Finger for PGP GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000614131122.A32913>