1. First you should create a "ruleset on paper" to find out for yourself what your users should be allowed to do in the untrusted network. As you said, for example, you don't want them (or only one?) to browse the internet (HTTP is Port 80). Should they be allowed to catch and send private mail? (Then you should allow SMTP and POP3.) ... and so on. After writing all this down on paper, configure your firewall so that it drops ALL packets and only allows the packets the users really need.
2. Why don't you just configure your firewall to drop all outbound packets to Port 80 from a specific IP address or hostname? Or perhaps an IP range?

-------------------------------------------------------
BlueScreen / Florian Hobelsberger

----- Original Message -----
From: "Vishal Mukherjee" <[EMAIL PROTECTED]>
To: "Firewall" <[EMAIL PROTECTED]>
Sent: Tuesday, March 26, 2002 1:46 PM
Subject: Any one using winroute pro?

> Hi all,
>
> Newbie to firewall using winroute pro eval version.
>
> 1. Any standard rules and filters for a dialup connection?
> 2. How to block a person to browse the internet though he can use
> intranet?
>
> Suggestions will be highly appreciated.
>
> Thanks & Regards
> Vishal Mukherjee
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
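
Added example, not part of the original thread and not WinRoute Pro configuration: a small first-match model of the "ruleset on paper" from the reply, with a default drop, the one host blocked from outbound Port 80 while the intranet stays open, and a check for rules that an earlier rule makes ineffective. The addresses, the choice to allow HTTP for the other users, and the names `decide` and `shadowed` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumption, not taken from the thread).
INTRANET = ipaddress.ip_network("192.168.1.0/24")
RESTRICTED = ipaddress.ip_network("192.168.1.50/32")  # the one user to block
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any port
    note: str

# The "ruleset on paper", evaluated top to bottom, first match wins.
RULES = [
    Rule("allow", INTRANET, INTRANET, "any", None, "intranet stays reachable"),
    Rule("drop", RESTRICTED, ANY, "tcp", 80, "no internet browsing for this host"),
    Rule("allow", INTRANET, ANY, "tcp", 80, "HTTP for the other users"),
    Rule("allow", INTRANET, ANY, "tcp", 25, "SMTP, send mail"),
    Rule("allow", INTRANET, ANY, "tcp", 110, "POP3, fetch mail"),
]

def decide(src, dst, proto, dport, rules=RULES):
    """Return (action, note) of the first matching rule; drop if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action, r.note
    return "drop", "default deny: no rule matched"

def shadowed(rules):
    """List (later, earlier) note pairs where an earlier rule with the opposite
    action already matches everything the later rule would match."""
    hits = []
    for j, late in enumerate(rules):
        for early in rules[:j]:
            if (early.action != late.action
                    and late.src.subnet_of(early.src) and late.dst.subnet_of(early.dst)
                    and early.proto in ("any", late.proto)
                    and early.dport in (None, late.dport)):
                hits.append((late.note, early.note))
    return hits
```

Running `shadowed` on a ruleset before loading it into the firewall catches the ordering mistake where the general HTTP allow is placed above the per-host drop.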
