Hi Boris Am 09.07.2015 um 19:24 schrieb Boris:
Hej Erich,
..
You could try to assemble a list of IP addresses for the service you want to access. I would not recommend that. Better you should use rules for specific services, allow those services unrestricted or to a group of addresses you trust.OK, I'm with you! I didn't mention that the service is running on ports 80 an d 443 and that the clients ar supposed to be non-surfing clients!
Well, how do you restrict it then, if you allow the clients those ports then potentially they could surf the web, at least part of it.
So, solution #1 is the way to go??
I would not, but then... You need to assemble a list of potential targets.If you really want to restrict access,an application proxy is IMHO the way to go. You can do nifty things with squid if you want to.
cheers Erich
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
