From: Dave Airlie (david.airlie at domain ul.ie)
Date: Tue 28 Sep 1999 - 18:29:22 IST
Ahh .. It doesn't patch cleanly but using a large sledgehammer big drill
and a few other things I left at home it can be done... I'll drop a patch
up somewhere if you wish....... I've just patched two machines, also there
is a bug in ipacct-0.7d that requires moving some code from one piece of
ip_output.c to another after apply it ... I'll give it a go and making a
2.2.12 patch and sending it to the ipacct list which I'm not actually on
... of course this will be done tomorrow cause my head no longer functions
due to someone annoyance of disk geometrys and LILO and 2.0 vs 2.2
arrggh..
Dave.
On Tue, 28 Sep 1999, Dave Burke wrote:
> Yeah I looked into this a while back, basically 'cause I was told "skynet
> do it this way, this is the right way........" and it's a nice way to do
> things. Problem with ipacct is that the
> patches for 2.2.3 don't work on the kernels above 2.2.5. I'm on the
> useripacct mailing list and it's very low volume, but theres been no
> developments recently and the website hasn't been updated since march :(
> I even posted this morning looking for a patch for 2.2.12 but still no
> reply.
>
> Dave
>
> On Tue, 28 Sep 1999, Dave Airlie wrote:
>
> >
> > Well we do that here on skynet, only admin users have Internet access from
> > the skynet machine, everyone else gets locked down, but can still access
> > the UL network it is not part of the standard kernel, the patch is called
> > ipacct, I actually hacked parts of this myself a few years ago, but now
> > the original author has gotten someone to do it properly, so search for
> > ipacct on freshmeat and read on ..
> >
> > Dave.
> >
> > On Tue, 28 Sep 1999, kevin lyda wrote:
> >
> > >
> > > let's say i want to limit internet access per user on a linux box. in
> > > table form it might look like:
> > >
> > > user ip address protocol port action
> > > kevin ANY ANY ANY ALLOW
> > > nobody ANY ANY ANY ALLOW
> > > root ANY ANY ANY ALLOW
> > > ANY 10.0.0.0/8 ANY ANY ALLOW # local network
> > > ANY ANY ANY ANY DENY
> > >
> > > thus, user bob could log into the machine, and access other machines
> > > in the local network, but only users kevin, nobody, and root could
> > > access the internet from the machine.
> > >
> > > anyone done this?
> > >
> > > kevin
> > >
> > >
> >
> > --
> > ------------ David Airlie, David.Airlie at domain ul.ie,airlied at domain skynet --------
> > Telecommunications Research Centre, ECE Dept, University of Limerick \
> > http://www.csn.ul.ie/~airlied -- Telecommunications Researcher \
> > --- TEL: +353-61-202695 -----------------------------------------------
> >
> >
> > --
> > Irish Linux Users' Group: ilug at domain linux.ie
> > http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> > List maintainer: listmaster at domain linux.ie
> >
> >
>
-- ------------ David Airlie, David.Airlie at domain ul.ie,airlied at domain skynet -------- Telecommunications Research Centre, ECE Dept, University of Limerick \ http://www.csn.ul.ie/~airlied -- Telecommunications Researcher \ --- TEL: +353-61-202695 -----------------------------------------------
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:04:37 GMT