Re: Firewalling at the domain users level instead of network level
On 18 Jul 2004, Mike Mestnik wrote:
> I'm not sure about the windows world, but you have several options in
> linux for a 'dynamic' firewalling.
>
> 1. FWMark.
> I would hope that A simple regkey would let you setup FWMark. If I'm not
> mistaken you can set regkeys in your workgroup for each user.
Could you post a reference to this? As far as I know, the 'firewall
marking' is a Linux specific thing, and local to an individual machine.
A quick google check couldn't turn up anything about Windows being able
to set, or transmit, any "FWMark" protocol or packet indicator...
[...]
> 3. Crontab based scripts.
> This is the most likely to work. On login a script can FTP upload the
> username/hostname rules and on logout remove them. Then a script like the
> following...
This is trivially abusable; if you rely on the client machine to
identify itself you may as well simply use a proxy system and trust
users to participate...
Daniel
--
Given the right nuances, indifference can pack a wallop: Yadda will outsnide
blah, for instance, but wither before the passive-aggressive champ, whatever.
-- Leslie Savan
Reply to: