Hej Erich (sorry for PM),

thanks once more!

On 09.07.2015 at 19:41, Erich Titl wrote:
> Hi Boris
> 
> On 09.07.2015 at 19:24, Boris wrote:
>> Hej Erich,
>>
> ..
>>>
>>> You could try to assemble a list of IP addresses for the service you
>>> want to access. I would not recommend that.
>>>
>>> Better you should use rules for specific services, allow those services
>>> unrestricted or to a group of addresses you trust.
>>>
>>
>> OK, I'm with you! I didn't mention that the service is running on ports
>> 80 and 443 and that the clients are supposed to be non-surfing clients!
> 
> Well, how do you restrict it then, if you allow the clients those ports
> then potentially they could surf the web, at least part of it.
> 

Sure. I use the shorewall policy file to deny everything and only open
the ports for dedicated hosts with the rules. Yes they can surf on
gmx.de (in this example) but nothing else.

>>
>> So, solution #1 is the way to go??
> 
> I would not, but then...
> You need to assemble a list of potential targets.
> 
> If you really want to restrict access, an application proxy is IMHO the
> way to go. You can do nifty things with squid if you want to.
> 

Mmhh, ah, application proxy! That could be the key - didn't happen to
have that idea!

Boris
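
The application-proxy approach Erich suggests, sketched as a squid.conf fragment. This is an added example, not part of the original thread or of any LEAF configuration. The client subnet 192.168.1.0/24 and proxy port 3128 are assumptions; gmx.de is the example site named in the thread.

```conf
# Constructed example: squid.conf allowlist for non-surfing clients.
# Assumed values: client subnet 192.168.1.0/24, proxy port 3128.
http_port 3128

# Who may use the proxy (assumed LAN range).
acl restricted_clients src 192.168.1.0/24

# The only destination these clients need; the leading dot also
# matches subdomains such as www.gmx.de.
acl allowed_sites dstdomain .gmx.de

# Only the two service ports from the thread.
acl web_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse any other port, and refuse CONNECT tunnels to anything but 443.
http_access deny !web_ports
http_access deny CONNECT !SSL_ports

# Allow the listed clients to the listed site, nothing else.
http_access allow restricted_clients allowed_sites
http_access deny all
```

With the clients pointed at the proxy, the firewall only has to let the proxy host itself out on ports 80 and 443, and the restriction is expressed by hostname instead of a hand-maintained list of IP addresses.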


------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/