Date: Thu, 15 Aug 2002 10:19:56 -0400 From: "Derek" <derek@durham.net> To: <freebsd-questions@freebsd.org> Subject: Re: Integrated firewall Message-ID: <007701c24466$d5093aa0$04fea8c0@motorcity.on.ca> References: <003801c243e4$a672efb0$1101a8c0@mike>
next in thread | previous in thread | raw e-mail | index | archive | help
I agree entirely with your ISA Server sentiment. However, the situation dictates that many users with different protocol access needs may use the same computer, or one user could use many computers. I imagine this is a fairly common scenario these days. ipfw has the ability to filter by uid/gid, but I suspect that is only from the local machine. ISA Server has the ability to provide filters based on a user's (Active Directory) SID. I would like to be able to provide this (or equivalent) funtionallity using a 'real' network OS (FreeBSD of course :). In summary, I would like specific users to only have access to specific protocols, regardless of the machine that they are using, and I would like to do this with FreeBSD. Any recommendations/insight would be very helpful. Thanks, Derek ----- Original Message ----- From: "Mike Tindall" <lists@netwzrd.net> To: "'Derek'" <derek@durham.net> Sent: Wednesday, August 14, 2002 6:48 PM Subject: RE: Integrated firewall > I would stay away from MS ISA. I have had nothing but trouble with that > package. But we are setting something up similar. We have an MS DHCP > server and we reserve each IP address to a client computer by MAC > address. All other IP address are excluded. If you do something like > this you have low maintenance and you can then filter by IP address. I > hope that helps. > > Mike Tindall > mike@netwzrd.net > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007701c24466$d5093aa0$04fea8c0>