From owner-freebsd-questions Mon Jun 5 16: 3:59 2000 Delivered-To: freebsd-questions@freebsd.org Received: from gekko.i-clue.de (server.ms-agentur.de [62.153.134.194]) by hub.freebsd.org (Postfix) with ESMTP id 4512E37B95A for ; Mon, 5 Jun 2000 16:03:51 -0700 (PDT) (envelope-from so@server.i-clue.de) Received: from i-clue.de (automatix.i-clue.de [192.168.0.112]) by gekko.i-clue.de (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id DAA13206; Tue, 6 Jun 2000 03:06:51 +0200 Message-ID: <393C31F3.799F3F47@i-clue.de> Date: Tue, 06 Jun 2000 01:04:19 +0200 From: Christoph Sold Organization: i-clue interactive GmbH X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Joe Konecny Cc: freebsd-questions@FreeBSD.ORG Subject: Re: blocking web access/allow email References: <393BF0A6.7994D513@green-mfg.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Joe Konecny wrote: > Is it a pain to block web access and allow email access to > workstations (running win9x) using my fbsd firewall. I'm > thinking that because I'm running DHCP I will have to constantly > monitor what machine has what ip address and make sure that they > are blocked. Then a savy user could enter an address instead > of the DHCP address. Any tips? Web acces is done using port 80, SMTP, POP and IMAP use other ports. So block port 80 everywhere. If you're using dhcp, you should have defined one block of network adresses for dhcpds use. There is no problem to restrict the rule above to the network block used by dhcp. OTOH... allow SMTP POP IMAP from any to deny all will surely block everything except mail. HTH -Christoph Sold To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message