On Fri, 2004-05-07 at 05:30, Askari wrote:
> Hello All,
> I have a gateway connected to the internet, using the shorewall system.
> I use Bering Uclibc V 2.0. I need to protect someone in my LAN connecting
> to the internet using port 80.
> He can only access websites like yahoo.com and hotmail.com; how do I set
> this in shorewall?
>
> Thanks
> Askari
>
As Jay said, a proxy is better for this, but it can be done in shorewall too.

In shorewall rules:

    # ACCEPT entries come first: rules are matched in order, first match wins
    ACCEPT loc:~00-A0-C9-15-39-78 net:www.yahoo.com tcp 80
    ACCEPT loc:~00-A0-C9-15-39-78 net:www.whatever.com tcp 80
    REJECT loc:~00-A0-C9-15-39-78 net tcp 80

where 00-A0-C9-15-39-78 is the MAC address of the network card of the user that needs restricting. It can be replaced by an IP address if that is more sensible in your network.

This only restricts port 80.

Keep in mind when using hostnames that if DNS is unavailable when you restart shorewall, the shorewall script will fail. To avoid this, replace www.yahoo.com with the current IP of www.yahoo.com.

Also, if the same IP serves other sites than www.yahoo.com through virtual hosting, those sites will be available (unlikely on such large sites).

Good luck

-- 
Ronny Aasen <[EMAIL PROTECTED]>

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
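
A check for the hostname caveat in the reply above, as an added example that is not part of the original thread and not Shorewall code: it reads rules in the five-column form used in the message and flags destinations that need DNS when shorewall restarts. It goes beyond the message by also flagging a rule that sits behind an earlier zone-wide rule with a different action, since Shorewall applies the first matching rule. The function names, the sample rules and the address 192.0.2.10 are assumptions made for illustration.

```python
import re

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$")
MAC_RE = re.compile(r"^~(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")

# Constructed sample; the MAC and www.yahoo.com are taken from the message,
# 192.0.2.10 is a documentation address standing in for a pinned IP.
SAMPLE = """\
# ACTION SOURCE                 DEST               PROTO PORT
REJECT   loc:~00-A0-C9-15-39-78 net                tcp   80
ACCEPT   loc:~00-A0-C9-15-39-78 net:www.yahoo.com  tcp   80
ACCEPT   loc:~00-A0-C9-15-39-78 net:192.0.2.10     tcp   80
"""

def parse_rules(text):
    """Yield (lineno, action, source, dest, proto, port) per rule line."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5:
            yield (n, *fields[:5])

def lint(text):
    """Return findings as (lineno, kind, detail) tuples."""
    findings, seen = [], []
    for n, action, src, dst, proto, port in parse_rules(text):
        zone, _, hosts = dst.partition(":")
        for host in filter(None, hosts.split(",")):
            # Neither an IP nor a ~MAC: resolved through DNS at (re)start.
            if not IP_RE.match(host) and not MAC_RE.match(host):
                findings.append((n, "dns", host))
        for m, a2, s2, d2, p2, port2 in seen:
            # An earlier zone-wide rule with another action wins first.
            if (hosts and d2 == zone and a2 != action
                    and (s2, p2, port2) == (src, proto, port)):
                findings.append((n, "shadowed", m))
        seen.append((n, action, src, dst, proto, port))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in lint(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

A "dns" finding marks a rule that depends on name resolution at restart; a "shadowed" finding gives the line number of the earlier rule that matches first.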