From: "Derek"
Subject: Re: Integrated firewall
Date: Thu, 15 Aug 2002 10:19:56 -0400

I agree entirely with your ISA Server sentiment. However, the situation dictates that many users with different protocol access needs may use the same computer, or one user could use many computers.
I imagine this is a fairly common scenario these days.

ipfw has the ability to filter by uid/gid, but I suspect that is only from the local machine. ISA Server has the ability to provide filters based on a user's (Active Directory) SID. I would like to be able to provide this (or equivalent) functionality using a 'real' network OS (FreeBSD of course :).

In summary, I would like specific users to only have access to specific protocols, regardless of the machine that they are using, and I would like to do this with FreeBSD.

Any recommendations/insight would be very helpful.

Thanks,
Derek

----- Original Message -----
From: "Mike Tindall"
To: "'Derek'"
Sent: Wednesday, August 14, 2002 6:48 PM
Subject: RE: Integrated firewall

> I would stay away from MS ISA. I have had nothing but trouble with that
> package. But we are setting something up similar. We have an MS DHCP
> server and we reserve each IP address to a client computer by MAC
> address. All other IP addresses are excluded. If you do something like
> this you have low maintenance and you can then filter by IP address. I
> hope that helps.
>
> Mike Tindall
> mike@netwzrd.net
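
Added example (not part of either message above): the approach in the quoted reply, one reserved IP address per client and filtering by IP, written as a small sh script that prints ipfw commands from a reservation table. The addresses, ports, rule numbers and the names POLICY, LAN_NET and gen_rules are constructed for illustration; rules built this way identify machines, not the users logged in to them.

```sh
#!/bin/sh
# Print (do not run) ipfw commands for a per-host protocol policy.
# Every address, port and rule number below is a constructed sample value.

# One entry per line: DHCP-reserved IP, protocol, comma-separated ports.
POLICY='
192.168.1.10 tcp 80,443
192.168.1.10 udp 53
192.168.1.11 tcp 22
'

LAN_NET="192.168.1.0/24"   # assumed inside network

gen_rules() {
    num=1000
    # Let replies through for flows opened by a keep-state rule below.
    echo "ipfw add $num check-state"
    echo "$POLICY" | while read -r ip proto ports; do
        # Skip the blank lines around the table.
        [ -z "$ip" ] && continue
        case "$proto" in
            tcp|udp) ;;
            *) echo "skipping $ip: unsupported protocol '$proto'" >&2
               continue ;;
        esac
        num=$((num + 10))
        echo "ipfw add $num allow $proto from $ip to any $ports keep-state"
    done
    # Inside hosts without an entry, and traffic outside an entry, are dropped.
    echo "ipfw add 60000 deny ip from $LAN_NET to any"
}

gen_rules
```

Review the printed rules before loading them on the FreeBSD gateway; the table has to be kept in step with the DHCP reservations.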