From owner-freebsd-questions  Wed Mar 27  3:21:32 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from raiden.jasnetworks.net (raiden.jasnetworks.net [65.194.248.251])
	by hub.freebsd.org (Postfix) with ESMTP id D511037B41C
	for <questions@FreeBSD.org>; Wed, 27 Mar 2002 03:21:28 -0800 (PST)
Received: from works (works.jasnetworks.net [192.168.0.2])
	by raiden.jasnetworks.net (8.11.6/8.11.6) with ESMTP id g2RBOlV98716;
	Wed, 27 Mar 2002 06:24:48 -0500 (EST)
	(envelope-from raiden23@netzero.net)
Message-Id: <4.2.0.58.20020327062142.009612a0@pop.netzero.net>
X-Sender: raiden23@pop.netzero.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Wed, 27 Mar 2002 06:27:45 -0500
To: Gabriel =?iso-8859-1?Q?Le=F2n?= Leyva <gleon@socoada.com.mx>,
	questions@FreeBSD.org
From: Lord Raiden <raiden23@netzero.net>
Subject: Re: block certain ips
In-Reply-To: <5.0.1.4.0.20020326180625.02dbd398@oficinas.socoada.com.mx>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

At 06:10 PM 3/26/02 -0700, Gabriel Le=F2n Leyva wrote:
>         Is there a way to block certain on bsd, I have several pcs with=20
> 10.10.10.? ips
>I want them to be able to user microsoft messenger but for some of these=20
>ips I dont want
>them to access internet... Could this be posible.. Thanks in advance..

         Yes, this is easy.  But it depends.  Are you referring to doing=20
this on each machine or via a firewall?  I'd say it would be easier if it's=
=20
going through a firewall or a proxy because then you have less work and it=
=20
will be easier to actually block this and keep track of it at the same=20
time.  IF your internet access is routed through a firewall, just setup=20
either a proxy so that only aproved IP's have net access, or in IPFW just=20
setup some rules that says something to the respect of "allow out for this=
=20
and this, but not for these if this and this are true, and block the rest=20
and only apply to these IP's."  Also, don't forget to log this so you can=20
see who's still trying to break the rules.  :)

         As far as how to setup these rules, I'm probubly the last to ask=20
on that because I'm definately no expert on IPFW, but I know it can be done=
=20
cause I've done it.  :)




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message