On Fri, Sep 29, 2000 at 09:28:25AM +0930, Ben Nagy wrote:
> > -----Original Message-----
> > From: Johannes Kloos [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, 29 September 2000 5:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: User level packet filtering
> > 
> > 
> > On Thu, Sep 28, 2000 at 11:33:30PM +0500, Abdul Basit wrote:
> > > Hey
> > > Is it possible to do user based packet filtering in *nix ?
> > > say i need to allow telnet access to all but i want to block port
> > > 80(outbound) to some users
> > > while allowing others ?
> > > 
> > > something like packet filter checks first checks uid and then apply the
> > > existing rule ?
> > 
> > netfilter (aka iptables) on linux includes "owner matching".
> 
> And is there a way to match arbitrary streams from the internal network to a
> given uid?
> 
> As far as I can tell the uid matching only works for users actually working
> on the firewall.
Um ... yes. Seems I misunderstood Abdul. Sorry.

[ snip many good alternative solutions ]

> Have I gone crazy again?

No, you haven't. Your solutions are great.

-- 
Johannes Kloos
"Is ucd-snmp year thread safe?"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
