From owner-freebsd-questions Wed Jun 14 10:11:32 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hindenburg.eboai.org (hindenburg.eboai.org [205.181.254.190]) by hub.freebsd.org (Postfix) with ESMTP id F05C837BACF for ; Wed, 14 Jun 2000 10:11:29 -0700 (PDT) (envelope-from chip@chocobo.cx) Received: by hindenburg.eboai.org (Postfix, from userid 1000) id E1C313D66; Wed, 14 Jun 2000 13:11:22 -0400 (EDT) Date: Wed, 14 Jun 2000 13:11:22 -0400 From: Chip Marshall To: James Howard Cc: freebsd-questions@freebsd.org Subject: Re: Limiting Internet Access Message-ID: <20000614131122.A32913@setzer.chocobo.cx> Reply-To: chip@chocobo.cx References: <20000614125423.A32693@setzer.chocobo.cx> <200006141703.NAA02365@rac4.wam.umd.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.4i In-Reply-To: <200006141703.NAA02365@rac4.wam.umd.edu>; from howardjp@wam.umd.edu on Wed, Jun 14, 2000 at 01:03:00PM -0400 X-URL: http://www.chocobo.cx/chip/ X-OS: FreeBSD 3.4-RELEASE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On June 14, 2000, James Howard sent me the following: > > I think the easiest way to do that would be to setup IPFW to deny > > outboard traffic from certain groups, ie: > > > > deny ip from any to any gid nonpay > > > > where nonpay is the name of the group for people who don't pay for > > Internet access. I know that this does not affect people logging in to > > a system remotely via SSH, but I'm not sure how it affects remote > > access via rsh or telnet. > > IPFW seems a bit extreme, I am looking for something more like ACLs not > network connectivity. Is that was IPFW does? IPFW can be used with it's gid and uid qualifiers to setup lists of users and groups which can access various network services. I'm not sure of the context of your use of ACL. -- Chip Marshall http://www.chocobo.cx/chip/ Finger for PGP GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message