Re: [ILUG] ipchains, per user restrictions

From: Dave Airlie (david.airlie at domain ul.ie)
Date: Tue 28 Sep 1999 - 16:17:44 IST


Well, we do that here on skynet: only admin users have Internet access from
the skynet machine; everyone else gets locked down, but can still access
the UL network. It is not part of the standard kernel; the patch is called
ipacct. I actually hacked parts of this myself a few years ago, but now
the original author has gotten someone to do it properly, so search for
ipacct on freshmeat and read on ...

Dave.

On Tue, 28 Sep 1999, kevin lyda wrote:

>
> let's say i want to limit internet access per user on a linux box. in
> table form it might look like:
>
> user    ip address   protocol  port  action
> kevin   ANY          ANY       ANY   ALLOW
> nobody  ANY          ANY       ANY   ALLOW
> root    ANY          ANY       ANY   ALLOW
> ANY     10.0.0.0/8   ANY       ANY   ALLOW   # local network
> ANY     ANY          ANY       ANY   DENY
>
> thus, user bob could log into the machine, and access other machines
> in the local network, but only users kevin, nobody, and root could
> access the internet from the machine.
>
> anyone done this?
>
> kevin
>
>

-- 
------------ David Airlie, David.Airlie at domain ul.ie,airlied at domain skynet --------
Telecommunications Research Centre, ECE Dept, University of Limerick \
http://www.csn.ul.ie/~airlied	-- Telecommunications Researcher      \
--- TEL: +353-61-202695 -----------------------------------------------
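
The rule table in the quoted question, modelled as a first-match policy evaluator. This is an added example, not part of the original thread and not ipchains or ipacct code; the names `RULES` and `decide` and the sample destinations are constructed for illustration, and it assumes the table is meant to be read top to bottom with the first matching row deciding.

```python
import ipaddress

# Rows from the question, in order: (user, destination, protocol, port, action).
# "ANY" is a wildcard. Assumption: the first matching row decides.
RULES = [
    ("kevin",  "ANY",        "ANY", "ANY", "ALLOW"),
    ("nobody", "ANY",        "ANY", "ANY", "ALLOW"),
    ("root",   "ANY",        "ANY", "ANY", "ALLOW"),
    ("ANY",    "10.0.0.0/8", "ANY", "ANY", "ALLOW"),  # local network
    ("ANY",    "ANY",        "ANY", "ANY", "DENY"),
]

def _field_matches(rule_value, actual):
    """Wildcard-or-equal match for the user, protocol and port columns."""
    return rule_value == "ANY" or rule_value == str(actual)

def _net_matches(rule_net, dst_ip):
    """True if dst_ip falls inside the rule's network (or the rule is ANY)."""
    if rule_net == "ANY":
        return True
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule_net)

def decide(user, dst_ip, protocol, port, rules=RULES):
    """Return (action, row_index) for the first matching row.

    Fails closed: if no row matches (e.g. the catch-all DENY was dropped),
    the result is ("DENY", None) rather than an implicit allow.
    """
    for index, (r_user, r_net, r_proto, r_port, action) in enumerate(rules):
        if (_field_matches(r_user, user)
                and _net_matches(r_net, dst_ip)
                and _field_matches(r_proto, protocol)
                and _field_matches(r_port, port)):
            return action, index
    return "DENY", None

if __name__ == "__main__":
    # Constructed samples: 192.0.2.10 stands in for an Internet host.
    for user, dst in [("bob", "10.1.2.3"), ("bob", "192.0.2.10"),
                      ("kevin", "192.0.2.10")]:
        print(user, dst, decide(user, dst, "tcp", 80))
```

The returned row index shows which row made the decision, which makes ordering mistakes (such as a catch-all DENY placed above the per-user rows) visible when auditing a rule set.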

