From owner-freebsd-questions  Wed Oct  8 17:55:47 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id RAA26917
          for questions-outgoing; Wed, 8 Oct 1997 17:55:47 -0700 (PDT)
          (envelope-from owner-freebsd-questions)
Received: from freebie.lemis.com (gregl1.lnk.telstra.net [139.130.136.133])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA26912
          for <questions@FreeBSD.ORG>; Wed, 8 Oct 1997 17:55:43 -0700 (PDT)
          (envelope-from grog@freebie.lemis.com)
Received: (from grog@localhost)
	by freebie.lemis.com (8.8.7/8.8.5) id KAA00390;
	Thu, 9 Oct 1997 10:24:13 +0930 (CST)
Message-ID: <19971009102408.21799@lemis.com>
Date: Thu, 9 Oct 1997 10:24:08 +0930
From: Greg Lehey <grog@lemis.com>
To: "M.R.Murphy" <mrm@Mole.ORG>
Cc: jacques@wired.ctech.ac.za, questions@FreeBSD.ORG
Subject: Re: ifpw and users
References: <199710090045.RAA15680@meerkat.mole.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84e
In-Reply-To: <199710090045.RAA15680@meerkat.mole.org>; from M.R.Murphy on Wed, Oct 08, 1997 at 05:45:51PM -0700
Organisation: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8250
Fax: +61-8-8388-8250
Mobile: +61-41-739-7062
WWW-Home-Page: http://www.lemis.com/~grog
Fight-Spam-Now: http://www.cauce.org
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, Oct 08, 1997 at 05:45:51PM -0700, M.R.Murphy wrote:
>> On Wed, Oct 08, 1997 at 01:30:31PM +0200, Jacques Hugo wrote:
>>> Hi there...
>>>
>>> Is the ipfw utils on fbsd smart enough that
>>> it can allow inet access for some users and
>>> deny it for others?
>>
>> No.
>>
>>> Can this be done with the TIS fw toolkit?
>>
>> No.  The Internet Protocols don't support the concept of users.
>
> This blanket "no" may not be answering the implied question. TIS
> FWTK is able to provide excellent user authentication. It can do
> that in conjunction with IP address restrictions by service. In
> that sense it can allow access from an untrusted network (The
> Internet) to a trusted internal network for some users and deny it
> for others. ipfw doesn't do that. ipfw is a packet filter; TIS FWTK
> is an application proxy firewall. Together they can form a very
> powerful firewall, remembering that defining the policy for protection
> may be the hardest part of firewall construction.

I stand corrected.  I was assuming that the TIS toolkit was just a
packet filter.

Greg