On Fri, 29 Sep 2000, Ben Nagy wrote:

> > -----Original Message-----
> > From: Johannes Kloos [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, 29 September 2000 5:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: User level packet filtering
> > 
> > 
> > On Thu, Sep 28, 2000 at 11:33:30PM +0500, Abdul Basit wrote:
> > > Hey
> > > Is it possible to do user based packet filtering in *nix?
> > > Say I need to allow telnet access to all, but I want to block port
> > > 80 (outbound) to some users
> > > while allowing others?
> > > 
> I know I'm kind of re-inventing the wheel - this is supposed to be what
> SOCKS is for, right? But SOCKS doesn't look like it will ever be standard
> issue on every desktop, and IPSec can easily be modified to use encryption
> if your security model requires it.

There is, AFAIK, no current method for doing this on a single Unix
Boxen. You could hack together a method for doing this, but its benefit
may not be worth the effort. Do you actually want users to have accounts
on your firewall? And some of these users might not have the same level
of trust?

I see a pro for implementing this on shell servers, with certain users
being able to communicate to other networks based on levels of
trust. I think for the majority of the cases, IPsec clients and SOCKS
clients are the way to handle user authentication based ACLs.

.truman.



-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
