From owner-freebsd-security Sat Sep 22 12:51:41 2001 Delivered-To: freebsd-security@freebsd.org Received: from ldc.ro (ldc-gw.pub.ro [192.129.3.227]) by hub.freebsd.org (Postfix) with SMTP id 7971A37B41C for ; Sat, 22 Sep 2001 12:51:34 -0700 (PDT) Received: (qmail 39265 invoked by uid 666); 22 Sep 2001 19:51:31 -0000 Date: Sat, 22 Sep 2001 22:51:31 +0300 From: Alex Popa To: Kris Kennaway Cc: Stanley Hopcroft , FreeBSD-Security@FreeBSD.ORG Subject: Re: Policy based routing/restricting access __inside__ ones net.. Message-ID: <20010922225131.A32410@ldc.ro> References: <20010921105320.A6282@IPAustralia.Gov.AU> <20010920194611.A80266@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010920194611.A80266@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Sep 20, 2001 at 07:46:11PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Sep 20, 2001 at 07:46:11PM -0700, Kris Kennaway wrote: > On Fri, Sep 21, 2001 at 10:53:21AM +1000, Stanley Hopcroft wrote: > > > Can ipfilter/ipfw provide ACLs depending on user ? > > Yes, ipfw can. > > Kris It can limit the access based on local users. The way I understood it is that mr Hopcroft wants to limit the traffic based on the remote user (ie the user who is logging into the remote Solaris/FreeBSD/AIX server). I am unsure wether that can be done using ipfw. Regards, Alex ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor@ldc.ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message