It may, but I have not used it so I am not 100% sure, if it does find
out what IP's it is going to and put an explicit pass out quick before
the block out quick lines for those IP's then they will be allowed out
to the internet.
jason
On Nov 12, 2007, at 9:52 AM, Carl Holzhauer wrote:
Oh, one thing I just thought of. Does the updatemanager use port 80
to search for new updates, or does it use a different port?
Thanks
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
] On Behalf Of Jason Grove
Sent: Sunday, November 11, 2007 9:23 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] SRSS and IPFilter
If you want to block all outgoing http and https request, just put in
the top of your ipfilter rules something like :
block out quick on INTERFACE proto tcp from any to any port = 80
block out quick on INTERFACE proto tcp from any to any port = 443
These need to be placed at the top of your ipf.conf file. It will
BLOCK all traffic from that server to anything going on port 80 or
443. If you want to log it put a "log" between the out and quick
words:
block out log quick ......
Now the user could also configure their web browser to use a proxy
service outside of your network on a different port besides 80 or 443,
in that case you may want to turn logging on for stuff going out of
your network and watch and see if some proxy ports show up (most of
the time 8080,3128, etc)...
Hope that helps.
jason
On Oct 25, 2007, at 8:41 AM, Carl Holzhauer wrote:
I wanted to completely block services like http and https
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
] On Behalf Of Lars Tunkrans
Sent: Wednesday, October 24, 2007 4:06 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] SRSS and IPFilter
isn't IPFilter a rather crude tool for achiveing selective URL
blocking of "interesting" websites ?
Or did you want to block complete services like FTP ?
We have created a KIOSK solaris 10 container where Sun Ray
kiosk
users are running their Browser .
The kiosk zone has it own IP address. this separate IP address is
then
limited in its reach by the external firewall.
//Lars
Carl Holzhauer wrote:
Does anyone have any experience with using IPFilter to block
Internet
access for SunRay's?
I'm wondering what I need to block with IPFilter to restrict
Internet
access for the DTU's
Thanks//
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
