From: Chuck Swiger
Date: Fri, 28 Sep 2007 11:06:05 -0700
To: Agus
Cc: freebsd-questions
Subject: Re: Deny access from localhost to internet.....
Message-Id: <8151EECC-1EEA-4778-8AFE-6BBC4193884A@mac.com>

On Sep 28, 2007, at 10:51 AM, Agus wrote:
> The question is this..I want to restrict external access, that is from my
> BSD to the internet, to some groups of users. Other groups I want to access
> internet normally. I don't want this group of users to be able to establish
> connections to the internet but yes to the internal systems on the LAN...
>
> Is this possible without hacking the kernel?

Sure. Install a proxy mechanism like SOCKS or Squid (if you just want to
control web traffic) which requires users to authenticate before they are
allowed to connect to the net...

--
-Chuck
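
The Squid approach suggested in the reply, as an added example that is not part of the original message: a squid.conf fragment that makes every user authenticate, lets everyone reach LAN destinations, and refuses internet destinations to one list of users. The helper path, password file, user-list file, realm text and LAN range are assumptions to adapt to the local install.

```conf
# Added example squid.conf fragment (not from the original message).
# All paths, file names and the LAN range below are assumptions.

# HTTP Basic authentication against an htpasswd-style file.
# The helper is named basic_ncsa_auth in Squid 3.2 and later and
# ncsa_auth in older releases; its install path varies by system.
auth_param basic program /usr/local/libexec/squid/basic_ncsa_auth /usr/local/etc/squid/passwd
auth_param basic realm Internet proxy
auth_param basic credentialsttl 2 hours

# Destinations that count as "internal systems on the LAN".
acl lan_dst dst 192.168.0.0/24

# Matches any request that carries valid credentials.
acl authenticated proxy_auth REQUIRED

# User names, one per line, that must not reach the internet.
acl lan_only_users proxy_auth "/usr/local/etc/squid/lan_only_users"

# http_access rules are evaluated top to bottom; the first match wins.

# 1. No valid credentials: answer 407 and ask the client to log in.
http_access deny !authenticated

# 2. Any authenticated user may reach LAN destinations.
http_access allow lan_dst

# 3. Restricted users stop here for everything else. The trailing
#    "all" makes Squid return 403 Forbidden; without it, a deny line
#    ending in a proxy_auth ACL re-prompts for credentials instead.
http_access deny lan_only_users all

# 4. Remaining authenticated users get normal internet access.
http_access allow authenticated

# 5. Default deny.
http_access deny all
```

This only governs traffic that actually passes through the proxy, and since Squid is an HTTP proxy it covers web traffic only, as the reply notes; it assumes direct outbound connections from the host are blocked by other means.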