Firewall Wizards mailing list archives
Re: Blocking MSN (and any other service for that matter)
From: Carric Dooley <carric () com2usa com>
Date: Fri, 23 Apr 2004 00:32:42 -0400 (EDT)
On Thu, 22 Apr 2004, Chuck Vose wrote:
# table IM not permitted table <NoIM> { 192.168.1.210 192.168.1.211 192.168.1.212 192.168.1.213 192.168.1.214 192.168.1.215 192.168.1.216 192.168.1.217 192.168.1.218 192.168.1.219 192.168.1.220 192.168.1.221 192.168.1.222 192.168.1.223 192.168.1.224 192.168.1.225 }I wonder if there isn't a better way to do this. Seems like every time you add an intern or lose one you have to adjust this table unless they're using the same mac address. What if they bring in a laptop? The method my school uses is to allow all people access to a subnet of wounded IP's, these can't do anything interesting other than contact the registration http server. Once registered it gives the computer a permanent IP and writes their info in a file so that the firewall can decide what to allow through. Instead: table <NoIM> { hash:/var/dhcp-intern-hosts } Or whatever the equivalent is. Would this be feasible / useful in this case?
Ahh.. this makes me think of 802.1Q. I have not seen it actually deployed anywhere however... Authentication based Virtual VLAN's would fit nicely here.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- Carric Dooley COM2:Interactive Media http://www.com2usa.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Blocking MSN (and any other service for that matter) Jean Paul López (Apr 22)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 22)
- Re: Blocking MSN (and any other service for that matter) Carric Dooley (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Paul D. Robertson (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Carric Dooley (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Jean Paul López (Apr 23)
- Re: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 22)
- <Possible follow-ups>
- RE: Blocking MSN (and any other service for that matter) MHawkins (Apr 23)
- RE: Blocking MSN (and any other service for that matter) Chuck Vose (Apr 24)