Date: Wed, 14 Jun 2000 12:54:23 -0400 From: Chip Marshall <chip@setzer.chocobo.cx> To: James Howard <howardjp@wam.umd.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Limiting Internet Access Message-ID: <20000614125423.A32693@setzer.chocobo.cx> In-Reply-To: <200006141649.MAA01241@rac4.wam.umd.edu>; from howardjp@wam.umd.edu on Wed, Jun 14, 2000 at 12:49:29PM -0400 References: <200006141649.MAA01241@rac4.wam.umd.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On June 14, 2000, James Howard sent me the following: > Hey everyone. We are currnetly moving our BBS (www.arbornet.org) from > BSD/OS to FreeBSD. One of the limits we placed on users was that they > were not allowed to send outbound Internet traffic (ie, they could not > telnet out from our system, etc). > > Under BSD/OS (3.0) the kernel had been patched and checked for a > hard-coded list of groups (paying users had access, special binaries like > finger too). But I have heard that under FreeBSD, limiting like this is > is run-time configurable. How does this work? I think the easiest way to do that would be to setup IPFW to deny outboard traffic from certain groups, ie: deny ip from any to any gid nonpay where nonpay is the name of the group for people who don't pay for Internet access. I know that this does not affect people logging in to a system remotely via SSH, but I'm not sure how it affects remote access via rsh or telnet. -- Chip Marshall <chip@chocobo.cx> http://www.chocobo.cx/chip/ Finger for PGP GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000614125423.A32693>