On Thu, 30 Jan 2003 09:30:40 PST Ray wrote:

> Brad's comment below is the right general response for giving a host 
> limited access to the Internet, allowing it only to use a single service, 
> but it assumes that (a) "just the LiveUpdate port(s)" has a useful 
> definition and (b) "the LiveUpdate servers" is a well-defined group (by IP 
> address).

Indeed.  I should have read the first post in the thread.  The
important point I missed was:

  On Wed, 29 Jan 2003 11:04:19 CST Homer Parker wrote:
  
  > liveupdate.symantecliveupdate.com
  > resolves to several IPs on akamai.net, so putting in IPs will be a
  > constant game of whack-a-mole :( I

Which means, as Ray said, you'll need to use application level
filtering.  If you don't want to run the proxy under Bering, the
shorewall transparent proxy information at:

  http://shorewall.net/Shorewall_Squid_Usage.html

might be useful.

--Brad



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to