From owner-freebsd-questions  Mon Jan 13 15:13:48 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7EA2537B401
	for <freebsd-questions@freebsd.org>; Mon, 13 Jan 2003 15:13:47 -0800 (PST)
Received: from smtp02.wxs.nl (smtp02.wxs.nl [195.121.6.54])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E81C43ED8
	for <freebsd-questions@freebsd.org>; Mon, 13 Jan 2003 15:13:46 -0800 (PST)
	(envelope-from akruijff@dds.nl)
Received: from cybertron.kruijff ([213.10.151.186]) by
          smtp02.wxs.nl (Netscape Messaging Server 4.15) with ESMTP id
          H8ODV502.EJL; Tue, 14 Jan 2003 00:13:53 +0100 
Date: Tue, 14 Jan 2003 00:13:17 +0100
From: Alex <akruijff@dds.nl>
X-Mailer: The Bat! (v1.62 Christmas Edition) Personal
Reply-To: Alex <akruijff@dds.nl>
X-Priority: 3 (Normal)
Message-ID: <17930646176.20030114001317@dds.nl>
To: "Steve Winnacott" <swinnacott@datasyrge.com>
Cc: "Alex" <freebsd-reply@akruijff.dds.nl>,
	freebsd-questions@freebsd.org
Subject: ipfw question (was: Re[2]: Question)
In-Reply-To: <000601c2baa8$966579e0$0201a8c0@slipstream.datasyrge.net>
References: <000601c2baa8$966579e0$0201a8c0@slipstream.datasyrge.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


Dear/Beste Steve,

Monday, January 13, 2003, 3:07:53 AM, you wrote:

>>Dear/Beste Steve,
>>
>>Monday, January 13, 2003, 12:23:09 AM, you wrote:
>>
>>> Hey people,
>>
>>> I'm having trouble limiting users to certain services on my LAN.
>>
>>> Here's what im trying to do.
>>
>>> Based on group membership, allow or deny certain users access to certain
>>> outgoing services (www, telnet, ftp, ssh, ping, traceroute, etc). Again
> this
>>> is not IP based, but based on group membership. Everyone can log into any
> PC
>>> on the LAN. I've seen something like this done in Novell, where based on
> a
>>> users group context, their access is limited to certain services.
>>
> Can it be done based on groups? These people don't have static ips

Yes but you use the account on the server machine. Just check out the
'man ipfw'. I'm not an expert on this; just try it out.


-- 
Best regards/Met vriendelijke groet,
Alex


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message