Controlling Internet access by users/groups

Bruno Wolff III bruno at wolff.to
Fri Sep 22 06:12:20 UTC 2006


On Thu, Sep 21, 2006 at 09:40:56 -0300,
  "Marcelo Magno T. Sales" <marcelo.sales at sefaz.pe.gov.br> wrote:
> We use MS ISA server to restrict Internet access, by user and by application. 
> For example, I can set it up so that user A can access HTTP servers and use 
> instant messengers, while users from group B are allowed to access FTP 
> servers and users from group C are forbidden any access (users and groups are 
> stored in Active Directory).
> 
> Is there a way to get the results I need using Linux clients?

ipchains can have rules that check who the user is. There are some packets
that won't have a user associated with them, but it should do a pretty
reasonable job of doing what you want. If you want only specific programs
to be used then you probably need to look at using SELinux. (There is
a command feature in iptables, but this doesn't point to a specific file,
but rather a command name. So that people can easily get around this
restriction.)




More information about the fedora-list mailing list