RE: different firewall rules for different users

To: <debian-firewall@lists.debian.org>
Subject: RE: different firewall rules for different users
From: "DUFRESNE, Mathias \(KPF\)" <MATTHIAS.DUFRESNE@airbus.com>
Date: Wed, 3 Mar 2010 12:40:06 +0100
Message-id: <[🔎] 8722_1267616409_4B8E4A99_8722_34_1_A54570CA491AF843B18DD8BC6169BFC00E5A3057@fr0-mailmb11.res.airbus.corp>
References: <8718_1267616145_4B8E498D_8718_4_1_4B8E4955.60009@christiantena.net>

Hello,

This is certainly possible playing with proxy rules. Perhaps with a restricted access for unlogged users and full access for logged (so adults) users.

I haven't played with proxies for years, but what you are seeking is their job.

Kindly regards,

mathias

-----Message d'origine-----
De : Philip [mailto:subs@christiantena.net]
Envoyé : mercredi 3 mars 2010 12:35
À : debian-firewall@lists.debian.org
Objet : different firewall rules for different users

Hello

Is there an easy way to set up different rules for different users of a desktop machine?
I have a small home network with different PCs for different purposes.
There is a general purpose Lenny desktop that the whole family uses.
It has a private IP address.
This can get to the Internet either through NAT on a FreeBSD firewall, or through a Dansguardian
proxy, currently running on a different Etch box. Eventually I plan to migrate dansguardian onto the
freebsd box.

Is there an easy way that if I or another adult is logged in then we can get to the NAT box, but if
one of my (small) children are logged in then the only way out is through the proxy?

I am think that one way would be for some kind of firewall on the desktop with some scripting on
login that modifies the rules.

The other option be that the desktop changes its IP address, or it has alias addresses and uses a
different address depending on who is logged in, and then I could have different rules for the
different addresses on the FreeBSD firewall.

thanks for any help, Philip.

--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 4B8E4955.60009@christiantena.net">http://lists.debian.org/[🔎] 4B8E4955.60009@christiantena.net

This mail has originated outside your organization, either from an external partner or the Global Internet.
Keep this in mind if you answer this message.

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.

Reply to:

Prev by Date: different firewall rules for different users
Next by Date: Re: Desperate for good firewall: ARP and DNS attacks
Previous by thread: Re: different firewall rules for different users
Next by thread: tcp/ip traffic shaping in Debian
Index(es):
- Date
- Thread