internet filter and access control

Jean-Pierre A. Radley appl at jpr.com
Thu Jan 27 12:15:59 PST 2005


Dennis Malen propounded (on Thu, Jan 27, 2005 at 12:47:12PM -0500):
| The range of IP addresses will not work. We want to allow access to 
| specific sites. This will be very restrictive to perhaps only three sites 
| for some employees.
| 
| A firewall will not do the trick, unless there is a firewall that is 
| sophisticated enough to do it which so far I have not been able to find.
| 
| I have only found software and separate hardware that is not a firewall.

I can do it on SCO Unix with ipfilters:  first a rule to block all
outbound connections to anywhere if they originate from a desired range
of internal client IP numbers, but then open up outbound access
to port 80 at specified IP addresses.  The allowed access can be for
all internal machines, or one can write a separate rule for each
pair of 'originating-machine, allowed-outside-site'.

This will do nothing about the employee who, upon finding him/herself
barred from accessing a verboten site, walks over to another employee's
computah.  :-)

-- 
JP

