[ale] Blocking Internet access for certain users

Dow Hurst dhurst at kennesaw.edu
Tue Oct 28 12:21:36 EST 2003


If the IP spaces for each building are separate then you can allow http 
packets to one range and not to another, even if all traffic goes thru 
one interface.
Dow


Dow Hurst wrote:

> The easiest way to manage your data in that situation is to have an 
> additional interface on the firewall so building 1 and 2 have separate 
> interfaces with separate rulesets.
> Dow
>
>
> nick travis wrote:
>
>> I need to block all Internet access for a few users.  What would be the
>> simplest way to implement this, I have an IPtables firewall and the
>> machines are currently on dhcp, but I could define static addresses if I
>> need to, although I would prefer to do it based on MAC address.
>>
>> Not sure if this matters or not but here's the layout.  I have 2
>> buildings, I want everyone in building 1(offices) to have full access,
>> but I want the people in building 2(production) to only have access to
>> local systems, including the firewall which doubles as a mail server,
>> there's a fiber link between the buildings(or there will be next 
>> week). I thought about connecting this to the firewall but I would 
>> rather run
>> it to the backbone switch for building 1.  Hope that makes sense. I'm
>> sure I could make it work, but I wanted some input as to the best way to
>> do it. Thanks!
>>
>> Nick
>>
>>
>>  
>>
>

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
************************************************************




More information about the Ale mailing list