Date: Wed, 8 Oct 1997 17:45:51 -0700 From: "M.R.Murphy" <mrm@Mole.ORG> To: grog@lemis.com, jacques@wired.ctech.ac.za Cc: questions@FreeBSD.ORG Subject: Re: ifpw and users Message-ID: <199710090045.RAA15680@meerkat.mole.org>
next in thread | raw e-mail | index | archive | help
> On Wed, Oct 08, 1997 at 01:30:31PM +0200, Jacques Hugo wrote: > > Hi there... > > > > Is the ipfw utils on fbsd smart enough that > > it can allow inet access for some users and > > deny it for others? > > No. > > > Can this be done with the TIS fw toolkit? > > No. The Internet Protocols don't support the concept of users. This blanket "no" may not be answering the implied question. TIS FWTK is able to provide excellent user authentication. It can do that in conjunction with IP address restrictions by service. In that sense it can allow access from an untrusted network (The Internet) to a trusted internal network for some users and deny it for others. ipfw doesn't do that. ipfw is a packet filter; TIS FWTK is an application proxy firewall. Together they can form a very powerful firewall, remembering that defining the policy for protection may be the hardest part of firewall construction. > > There are possible ways around this restriction, but you'll have to > relate any restrictions to concepts like IP address and port number. > > Greg > I think Greg was saying the same thing, but the answer might have been misunderstood. -- Mike Murphy mrm@Mole.ORG +1 619 598 5874 Better is the enemy of Good
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710090045.RAA15680>