If you want to block all outgoing http and https request, just put in
the top of your ipfilter rules something like :
block out quick on INTERFACE proto tcp from any to any port = 80
block out quick on INTERFACE proto tcp from any to any port = 443
These need to be placed at the top of your ipf.conf file. It will
BLOCK all traffic from that server to anything going on port 80 or
443. If you want to log it put a "log" between the out and quick words:
block out log quick ......
Now the user could also configure their web browser to use a proxy
service outside of your network on a different port besides 80 or 443,
in that case you may want to turn logging on for stuff going out of
your network and watch and see if some proxy ports show up (most of
the time 8080,3128, etc)...
Hope that helps.
jason
On Oct 25, 2007, at 8:41 AM, Carl Holzhauer wrote:
I wanted to completely block services like http and https
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
] On Behalf Of Lars Tunkrans
Sent: Wednesday, October 24, 2007 4:06 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] SRSS and IPFilter
isn't IPFilter a rather crude tool for achiveing selective URL
blocking of "interesting" websites ?
Or did you want to block complete services like FTP ?
We have created a KIOSK solaris 10 container where Sun Ray kiosk
users are running their Browser .
The kiosk zone has it own IP address. this separate IP address is
then
limited in its reach by the external firewall.
//Lars
Carl Holzhauer wrote:
Does anyone have any experience with using IPFilter to block Internet
access for SunRay's?
I'm wondering what I need to block with IPFilter to restrict Internet
access for the DTU's
Thanks//
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
