Thanks everybody for their input. Company policy is a big way to destroy morale and make people unproductive. The people that I'm trying to restrict are web programmers and know many ways to circumvent squid and ACLs. I do redirect all HTTP traffic to a squid box, but I cannot make a whitelist of websites. Besides all of this, some people do need to maintain messenger contacts because they deal with sales.
In a way this relates to shorewall because I'm also having some issues if I break the whole LAN into multiple subnets. I did not think of controlling the destination of the packets that go out on port 25, and this will be a start in refining the access control. I stumbled on layer 7 looking for a fix to this problem, but I'm using an OpenVZ kernel (see www.openvz.org) and I thought of using their userspace tools. I think I will give them a shot. Discussions with the management left me in charge of blocking messenger access, and it will take longer until I reinstall all the workstations since they need some maintenance work, and I thought it would be easier to control access from a firewall point of view. Boy, I was wrong.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
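As an added illustration of the "control the destination of packets on port 25" idea raised in the post above (this is an example written for this page, not a configuration from the poster or from the Shorewall project), the fragment below is a Shorewall `/etc/shorewall/rules` excerpt that lets the `loc` zone reach SMTP only on the company mail relay and rejects SMTP to any other host on `net`. The relay address `203.0.113.25` is a constructed placeholder, and the final rule assumes the zone names `loc` and `net` from a standard two-interface setup; the MSN messenger port 1863 is shown as one example of a per-port block that Shorewall can express without Layer 7 matching.

```text
#ACTION   SOURCE   DEST              PROTO   DEST PORT(S)
# Allow outbound SMTP only to the company relay (placeholder address).
ACCEPT    loc      net:203.0.113.25  tcp     25
# Reject SMTP to every other destination; logging the reject helps spot
# workstations trying to send mail directly (rule order matters: this
# must come after the ACCEPT above).
REJECT:info loc    net               tcp     25
# Block MSN Messenger's default port (example only; other clients use
# other ports, which is why the poster was looking at Layer 7 matching).
REJECT:info loc    net               tcp     1863
```

Shorewall evaluates rules top to bottom, so the narrow ACCEPT has to precede the broad REJECT. Using `REJECT:info` rather than a plain `REJECT` sends a log entry at the `info` level for each blocked attempt, which is the cheap detection signal a firewall administrator wants before deciding whether a per-port block is enough or whether a Layer 7 classifier is really needed.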