From owner-freebsd-questions@FreeBSD.ORG  Sun Sep 30 00:22:51 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 83DF816A417
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Sep 2007 00:22:51 +0000 (UTC)
	(envelope-from netslists@gmail.com)
Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.184])
	by mx1.freebsd.org (Postfix) with ESMTP id 1962513C457
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Sep 2007 00:22:50 +0000 (UTC)
	(envelope-from netslists@gmail.com)
Received: by fk-out-0910.google.com with SMTP id b27so4011553fka
	for <freebsd-questions@freebsd.org>;
	Sat, 29 Sep 2007 17:22:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding;
	bh=MCVqXUyVQoUOVpKCRU1WPvD6PE3Dpear5iZU1CaVa2g=;
	b=oh0hTjv2xwVBj8wBO0rF+tVhtuLuUEdoMtgqez4yfwg4S6MmH+TIogVqENwYZt9IfKgec4Twi3k69JIV6z47Us+G+7yePz0Ko7mfEQLTxBBBnCnK0YOyfZ9g4h31pLTDBh8ieRk+Pd0v8ZSrH/Jt6Ul4UpzRFHer1m+e9FaW62o=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding;
	b=S7I0wCr4xx6MYtZjDWRi50Q7LokG4ColP00597EpfAIpr+TqKaaEBo0St3uJNKwYiV6uiIlFniKEU7CD0wAMErBg6zjM+f1QbacVi5vAF+oMimMVGOO80iXlW2jHtxsRDeLG0CBMFZM3jpoG4ZS6q7YsCf+YEA2pM+GPsQ1xRt4=
Received: by 10.82.134.12 with SMTP id h12mr11397837bud.1191111768742;
	Sat, 29 Sep 2007 17:22:48 -0700 (PDT)
Received: from ?192.168.17.8? ( [91.135.49.237])
	by mx.google.com with ESMTPS id 34sm8035514nfu.2007.09.29.17.22.47
	(version=SSLv3 cipher=RC4-MD5); Sat, 29 Sep 2007 17:22:47 -0700 (PDT)
Message-ID: <46FEEC52.1050705@gmail.com>
Date: Sun, 30 Sep 2007 02:22:42 +0200
From: Sten Daniel Soersdal <netslists@gmail.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Agus <agus.262@gmail.com>
References: <fda61bb50709281051j4953c79bi295138355edc9ad0@mail.gmail.com>
In-Reply-To: <fda61bb50709281051j4953c79bi295138355edc9ad0@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: Deny access from localhost to internet.....
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Sep 2007 00:22:51 -0000

Agus wrote:
> Hi guys,
> 
> How are you today?
> The question is this..I want to restrict external access, that is from my
> BSD to the internet, to some groups of users. Other groups i want to access
> internet normally. I dont want this group of users to be able to establish
> connections to the internet but yes to the internal systems on the LAN...
> 
> Is this possible without hacking the kernel?
> 
> Thanks and salutes for all
> 

You want to restrict internet, but not LAN, access for certain users 
logged into your BSD box?

man ipfw	( look for "uid" and "gid" )
man pf		( look for "user" and "group" )



-- 
Sten Daniel Soersdal