Date: Thu, 9 Oct 1997 10:24:08 +0930 From: Greg Lehey <grog@lemis.com> To: "M.R.Murphy" <mrm@Mole.ORG> Cc: jacques@wired.ctech.ac.za, questions@FreeBSD.ORG Subject: Re: ifpw and users Message-ID: <19971009102408.21799@lemis.com> In-Reply-To: <199710090045.RAA15680@meerkat.mole.org>; from M.R.Murphy on Wed, Oct 08, 1997 at 05:45:51PM -0700 References: <199710090045.RAA15680@meerkat.mole.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Oct 08, 1997 at 05:45:51PM -0700, M.R.Murphy wrote: >> On Wed, Oct 08, 1997 at 01:30:31PM +0200, Jacques Hugo wrote: >>> Hi there... >>> >>> Is the ipfw utils on fbsd smart enough that >>> it can allow inet access for some users and >>> deny it for others? >> >> No. >> >>> Can this be done with the TIS fw toolkit? >> >> No. The Internet Protocols don't support the concept of users. > > This blanket "no" may not be answering the implied question. TIS > FWTK is able to provide excellent user authentication. It can do > that in conjunction with IP address restrictions by service. In > that sense it can allow access from an untrusted network (The > Internet) to a trusted internal network for some users and deny it > for others. ipfw doesn't do that. ipfw is a packet filter; TIS FWTK > is an application proxy firewall. Together they can form a very > powerful firewall, remembering that defining the policy for protection > may be the hardest part of firewall construction. I stand corrected. I was assuming that the TIS toolkit was just a packet filter. Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971009102408.21799>