On Thu, 30 Jan 2003 09:30:40 PST Ray wrote: > Brad's comment below is the right general response for giving a host > limited access to the Internet, allowing it only to use a single service, > but it assumes that (a) "just the LiveUpdate port(s)" has a useful > definition and (b) "the LiveUpdate servers" is a well-defined group (by IP > address).
Indeed. I should have read the first post in the thread. The important point I missed was: On Wed, 29 Jan 2003 11:04:19 CST Homer Parker wrote: > liveupdate.symantecliveupdate.com > resolves to several IPs on akamai.net, so putting in IPs will be a > constant game of whack-a-mole :( I Which means, as Ray said, you'll need to use application level filtering. If you don't want to run the proxy under Bering, the shorewall transparent proxy information at: http://shorewall.net/Shorewall_Squid_Usage.html might be useful. --Brad ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html