[NoCat] How to restrict access for authenticated user

Nicolas Schmitz Nicolas.Schmitz at ec-nantes.fr
Mon Sep 25 08:38:20 PDT 2006


Hi,
I think you can restrict access in gateway/nocat.conf with IncludePorts
and ExcludePorts. No need to patch initialize.fw.

Nicolas Schmitz

Jean-Philippe CAMBOURNAC wrote:
> Hi all,
>
> I want to restrict access for authenticated users. Let me explain:
> When a user is authenticated, he has full access to the Internet (http, 
> https, pop, smtp, imap, ssh...) :
> (from .../nocat/bin/initialize.fw (on the GW))
>
> (...)
> # Handle tagged traffic.
> #
> for iface in $InternalDevice; do
>     for net in $LocalNetwork; do
>         for fwmark in $classes; do
>             # Only forward tagged traffic per class
>             $fwd -i $iface -s $net -m mark --mark $fwmark -j ACCEPT
> (...)
>
> Replacing the last line with:
> # port list left unquoted so the loop runs once per port
> for port in 80 443; do
>     $fwd -i $iface -p tcp --dport $port -s $net -m mark --mark $fwmark -j ACCEPT
> done
>
> But this "patch" doesn't work. Perhaps in the bin/access.fw file...
>
> So, if anybody has an idea where I can define firewall rules to 
> restrict access to only http and https for authenticated users, it would 
> help me a lot.
>
> Thanks.
> Regards,
> Jean-Philippe.
>
> _______________________________________________
> NoCat mailing list
> NoCat at lists.nocat.net
> http://lists.nocat.net/mailman/listinfo/nocat
>   
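Added example, not code from either post or from NoCat itself: a small POSIX sh script in the style of gateway/bin/initialize.fw that emits the per-class FORWARD rules for an allow-list of TCP ports and then drops everything else from that class. It runs in dry-run mode (IPT defaults to "echo iptables") so it can be tried without root or a real gateway; the interface, network, mark value and port list are constructed sample values standing in for $InternalDevice, $LocalNetwork and $classes. Note that the port list must be unquoted so the for loop sees one word per port.

```shell
#!/bin/sh
# Added example (not NoCat's own code): build FORWARD rules that let one
# marked (authenticated) class reach only the listed TCP ports.
# IPT defaults to a dry run that prints the commands; set IPT=iptables on
# the gateway to apply them for real.
IPT="${IPT:-echo iptables}"

# port_rules IFACE NET FWMARK PORT...
# One ACCEPT per port, then an explicit DROP for the rest of that class's
# traffic so a later, broader ACCEPT cannot let it through (harmless if the
# chain already ends in a DROP).
port_rules() {
    iface=$1; net=$2; fwmark=$3
    shift 3
    for port in "$@"; do
        $IPT -A FORWARD -i "$iface" -s "$net" -m mark --mark "$fwmark" \
            -p tcp --dport "$port" -j ACCEPT
    done
    $IPT -A FORWARD -i "$iface" -s "$net" -m mark --mark "$fwmark" -j DROP
}

# count_rules IFACE NET FWMARK PORT... : number of rule lines generated
# (ports + 1 for the trailing DROP); handy for a quick sanity check.
count_rules() {
    port_rules "$@" | wc -l | tr -d ' '
}

# Constructed sample values: internal interface eth1, client network
# 192.168.1.0/24, class mark 2, http and https only.
port_rules eth1 192.168.1.0/24 2 80 443
```

If you go the nocat.conf route instead, the option as I recall it from the shipped gateway config is "IncludePorts 80 443" (or "ExcludePorts 25" for a deny-list); the comments in that file describe it as applying when public-class users log in, so check that it covers the class you care about before relying on it. Either way, confirm the result with "iptables -L FORWARD -n -v" on the gateway after a test login.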