Re: [fw-wiz] Blocking MSN (and any other service for that matter)

From: Chuck Vose (vosechu_at_roman-fleuve.com)
Date: 04/22/04

    To: Jean Paul López <jplopez@netthink.es>
    Date: Thu, 22 Apr 2004 10:56:55 -0700
    
    

    > # table IM not permitted
    > table <NoIM> { 192.168.1.210 192.168.1.211 192.168.1.212 192.168.1.213
    > 192.168.1.214 192.168.1.215 192.168.1.216 192.168.1.217 192.168.1.218
    > 192.168.1.219 192.168.1.220 192.168.1.221 192.168.1.222 192.168.1.223
    > 192.168.1.224 192.168.1.225 }

    I wonder if there isn't a better way to do this. Seems like every time
    you add an intern or lose one you have to adjust this table unless
    they're using the same MAC address. What if they bring in a laptop?

    The method my school uses is to allow all people access to a subnet of
    wounded IPs; these can't do anything interesting other than contact the
    registration HTTP server. Once registered, it gives the computer a
    permanent IP and writes their info in a file so that the firewall can
    decide what to allow through.

    Instead:
    table <NoIM> { hash:/var/dhcp-intern-hosts }

    Or whatever the equivalent is. Would this be feasible / useful in this
    case?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
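
Added example, not part of the original post: one way to get the file-backed table the message asks about in PF, using `table ... persist file` and `pfctl -T replace`. The registration file layout (`<ipv4> <mac> <role>`) and the "intern" role value are assumptions; the table name and path come from the message.

```shell
# Assumed registration format (hypothetical), one host per line:
#   <ipv4> <mac> <role>
# pf.conf then declares the table once, loading it from the generated file:
#   table <NoIM> persist file "/var/dhcp-intern-hosts"

# Print the addresses of registered "intern" hosts, sorted and de-duplicated.
# Malformed addresses are dropped so a bad entry cannot break the table load.
build_noim_table() {
    awk '
        /^[ \t]*(#|$)/  { next }    # skip comments and blank lines
        $3 != "intern"  { next }    # only hosts that must not use IM
        {
            if (split($1, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    next
            print $1
        }
    ' "$1" | sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Write the table file atomically, then swap the live table contents.
# The pfctl step is skipped on machines without PF.
refresh_noim_table() {
    reg=$1
    out=$2
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if build_noim_table "$reg" > "$tmp" && mv "$tmp" "$out"; then
        if command -v pfctl >/dev/null 2>&1; then
            pfctl -t NoIM -T replace -f "$out"
        fi
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample registrations (not real hosts).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ip          mac               role
192.168.1.211 00:00:5e:00:53:02 intern
192.168.1.10  00:00:5e:00:53:0a staff
192.168.1.210 00:00:5e:00:53:01 intern
192.168.1.999 00:00:5e:00:53:03 intern
EOF
build_noim_table "$sample"
```

Running `refresh_noim_table` from the registration server's post-registration hook (or from cron) keeps the rule set untouched while the table membership follows the registration file.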

