use the --uid-owner option in iptables

-avati

On Fri, 17 May 2002, Eric Friedrich wrote:

> Using one of the non-commercial firewalls like IPtables or the openbsd
> firewall (its name escapes me), how would you allow outgoing connections
> with authentication? I assume that if you were to be logged in as a
> certain user, then it allows outgoing connections? Thanks in advance
>
> limited
>
>
> ----- Original Message -----
> From: "Bell, James (AZ76)" <[EMAIL PROTECTED]>
> To: "'Craig Brauckmiller'" <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Tuesday, May 14, 2002 8:20 PM
> Subject: RE: Outbound Firewall Rules for a Web Server
>
>
> : 2. Yes! For example, I've seen a place with two rules set up for outbound
> : http/https/ftp access in CP FW-1: second one blocked all outbound http/s/ftp
> : access from webservers; first one allowed them with user authentication for
> : the web server admins so they could update them easily. Put a short time
> : limit before auth expires, just a few minutes. If a machine does manage to
> : get infected by a Nimda/CR type worm, it at least won't spread through a web
> : vector.
>
>
>

------------------------------------------------------------------------------
It would seem that evil retreats when forcibly confronted.
                -- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5
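The two-rule layout quoted in this thread, expressed with the iptables owner match, as an added example that is not part of the original messages. It only prints the rules for review; the UID 1001 and the port list 21,80,443 are constructed sample values. The owner match keys on the UID of the local socket, so it applies on the web server's own OUTPUT chain and has no timed authentication like the FW-1 setup described.

```shell
#!/bin/sh
# Added example: generate an allow-then-drop rule pair for outbound
# http/https/ftp using "-m owner --uid-owner". Nothing is applied here;
# the rules are printed so they can be reviewed first.

# Resolve an account name to a numeric UID; numeric input passes through.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# gen_owner_rules <user-or-uid> [comma-separated tcp ports]
# Rule 1 accepts the listed destination ports for sockets owned by the
# admin UID. Rule 2 drops the same ports for every other local process,
# including the web server's own account.
gen_owner_rules() {
    uid=$(resolve_uid "$1") || return 1
    [ -n "$uid" ] || return 1
    ports=${2:-21,80,443}
    # Accept digits and commas only, so the output is safe to run later.
    case "$ports" in
        ''|*[!0-9,]*) return 1 ;;
    esac
    # Packets with no associated socket never match the owner rule and
    # fall through to the DROP below.
    printf '%s\n' \
        "iptables -A OUTPUT -p tcp -m multiport --dports $ports -m owner --uid-owner $uid -j ACCEPT" \
        "iptables -A OUTPUT -p tcp -m multiport --dports $ports -j DROP"
}

# Constructed sample: UID 1001 stands in for the web admin's account.
gen_owner_rules 1001 21,80,443
```

Replies the web server sends to inbound clients leave from source port 80/443 toward ephemeral destination ports, so these destination-port rules do not touch them.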
