Date: Sun, 30 Sep 2007 03:28:04 +0100
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Deny access from localhost to internet.....
Message-ID: <20070930032804.6123c175@gumby.homeunix.com.>
In-Reply-To: <46FEEC52.1050705@gmail.com>

On Sun, 30 Sep 2007 02:22:42 +0200
Sten Daniel Soersdal wrote:

> Agus wrote:
> > Hi guys,
> >
> > How are you today?
> > The question is this.. I want to restrict external access, that is
> > from my BSD to the internet, to some groups of users. Other groups
> > I want to access internet normally. I don't want this group of users
> > to be able to establish connections to the internet but yes to the
> > internal systems on the LAN...
> >
> > Is this possible without hacking the kernel?
> >
> > Thanks and salutes for all
> >
>
> You want to restrict internet, but not LAN, access for certain users
> logged into your BSD box?
>
> man ipfw ( look for "uid" and "gid" )
> man pf ( look for "user" and "group" )
>

Danger Will Robinson! Don't do that unless you've read the bugs sections of the ipfw and pf.conf man pages.