[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Controlling Internet access by users/groups



On Thu, Sep 21, 2006 at 09:40:56 -0300,
  "Marcelo Magno T. Sales" <marcelo sales sefaz pe gov br> wrote:
> We use MS ISA server to restrict Internet access, by user and by application. 
> For example, I can set it up so that user A can access HTTP servers and use 
> instant messengers, while users from group B are allowed to access FTP 
> servers and users from group C are forbidden any access (users and groups are 
> stored in Active Directory).
> 
> Is there a way to get the results I need using Linux clients?

ipchains can have rules that check who the user is. There are some packets
that won't have a user associated with them, but it should do a pretty
reasonable job of doing what you want. If you want only specific programs
to be used then you probably need to look at using SELinux. (There is
a command feature in iptables, but this doesn't point to a specific file,
but rather a command name. So that people can easily get around this
restriction.)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]