From owner-freebsd-questions Sat Mar 23 15:41:53 2002 Delivered-To: freebsd-questions@freebsd.org Received: from rain.macguire.net (sense-sea-MegaSub-1-125.oz.net [216.39.144.125]) by hub.freebsd.org (Postfix) with ESMTP id BD06237B41F for ; Sat, 23 Mar 2002 15:41:37 -0800 (PST) Received: (from roo@localhost) by rain.macguire.net (8.11.6/8.11.6) id g2NNgAT04658; Sat, 23 Mar 2002 15:42:10 -0800 (PST) (envelope-from roo) Date: Sat, 23 Mar 2002 15:42:10 -0800 From: Benjamin Krueger To: Courtney Thomas Cc: freebsd-questions@freebsd.org Subject: Re: Maintaining Access Control Lists (was: So long and thanks for all the fish) Message-ID: <20020323154210.B3911@rain.macguire.net> References: <20020323002608.B20699@rain.macguire.net> <3C9C84CF.2090300@flash.net> <20020323084327.A354@rain.macguire.net> <3C9CD6B5.4090806@flash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C9CD6B5.4090806@flash.net>; from ccthomas@flash.net on Sat, Mar 23, 2002 at 02:25:41PM -0500 X-PGP-Key: http://www.macguire.net/benjamin/public_key.asc Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Courtney Thomas (ccthomas@flash.net) [020323 11:20]: > Thank you for your reply. > > I'm using IPFW though clearly not well. I'd appreciate an > ACL example using IPFW. > > Cordially, > Courtney > > Benjamin Krueger wrote: > > * Courtney Thomas (ccthomas@flash.net) [020323 07:18]: > > > >>Please advise on implementing an ACL for not only ssh but > >>"anyArbitrary" program ? > >> > >>Appreciatively, > >>Courtney > >> > > > > Well, the most obvious way is to maintain ACLs for all of your applications using > > IPFW or IPFilter. That has the advantage of central configuration for every single > > network app. Unfortunately, I am a very IPFilter oriented person, and have not had the time to go over the intricacies of IPFW. I've also found the documentation and related literature for IPFW to be less than what I would expect from the project when I have been able to glance at it. Maybe this isn't so. Someday when I get more time, I'll volunteer to write more in depth IPFW information. =) Until then, I thought it best to forward this request for creating an Access Control List on to the Freebsd-questions@ list. You folks can certainly give Courtney some good guidance and a few examples to start with. =) -- Benjamin Krueger "Life is far too important a thing ever to talk seriously about." - Oscar Wilde (1854 - 1900) ---------------------------------------------------------------- Send mail w/ subject 'send public key' or query for (0x251A4B18) Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message