Oh, one thing I just thought of. Does the updatemanager use port 80 to search for new updates, or does it use a different port?
Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Grove Sent: Sunday, November 11, 2007 9:23 PM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] SRSS and IPFilter If you want to block all outgoing http and https request, just put in the top of your ipfilter rules something like : block out quick on INTERFACE proto tcp from any to any port = 80 block out quick on INTERFACE proto tcp from any to any port = 443 These need to be placed at the top of your ipf.conf file. It will BLOCK all traffic from that server to anything going on port 80 or 443. If you want to log it put a "log" between the out and quick words: block out log quick ...... Now the user could also configure their web browser to use a proxy service outside of your network on a different port besides 80 or 443, in that case you may want to turn logging on for stuff going out of your network and watch and see if some proxy ports show up (most of the time 8080,3128, etc)... Hope that helps. jason On Oct 25, 2007, at 8:41 AM, Carl Holzhauer wrote: > I wanted to completely block services like http and https > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > ] On Behalf Of Lars Tunkrans > Sent: Wednesday, October 24, 2007 4:06 PM > To: SunRay-Users mailing list > Subject: Re: [SunRay-Users] SRSS and IPFilter > > isn't IPFilter a rather crude tool for achiveing selective URL > blocking of "interesting" websites ? > Or did you want to block complete services like FTP ? > > We have created a KIOSK solaris 10 container where Sun Ray kiosk > users are running their Browser . > The kiosk zone has it own IP address. this separate IP address is > then > limited in its reach by the external firewall. > > //Lars > > > Carl Holzhauer wrote: >> >> Does anyone have any experience with using IPFilter to block Internet >> access for SunRay's? >> >> >> >> I'm wondering what I need to block with IPFilter to restrict Internet >> access for the DTU's >> >> >> >> Thanks// >> >> >> > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
