Re: forbidden user proxy other

If I understand correctly, you have a social engineering problem.
If you grant one user the rights to go to the Internet, and he installs a
wingate to let his pals use his access, nothing in the firewall will
detect it. You must prosecute or "advise" that user that sharing his
rights is against company policy.

LALO 

On Tue, 2005-08-02 at 10:14 +0200, Jörg Harmuth wrote:
> bend chen wrote:
> > hi, netfilter
> > 
> > I manage some PCs; some can use my netfilter box to access the Internet, others can't access the Internet.
> > But I find some PCs have a proxy program installed (wingate\ccproxy...) to proxy some users' PCs' access to the Internet.
> > How can I set my firewall to forbid users from using a proxy program?
> 
> If I understand correctly, you want to allow proxy access for some users
> and other users are forbidden to use the proxy. If so, what about this:
> 
> Structure your network, put allowed users in one network segment and
> forbidden users in a different segment. Then the following rules should
> get you started.
> 
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> 
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED \
>    -j ACCEPT
> iptables -A INPUT -p tcp -s $ALLOWED_SEGMENT/$NETMASK \
>    --dport $PROXY_PORT -j ACCEPT
> [Some other rules you need]
> 
> Finally I would like to suggest reading "man iptables" and this
> excellent tutorial by Oskar Andreasson:
> 
> http://iptables-tutorial.frozentux.net/chunkyhtml/index.html
> 
> Good luck,
> 
> Joerg
> 
> 
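
The two points made in this thread, as an added example in Python that is not part of either message: a small model of the quoted INPUT rules, showing that they separate the segments correctly but cannot tell a relayed connection from a direct one, because the filter only matches on the source address it sees. The segment 192.168.10.0/24, port 3128, the host addresses and the interface name are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions, not taken from the thread).
ALLOWED_SEGMENT = ipaddress.ip_network("192.168.10.0/24")
PROXY_PORT = 3128


@dataclass(frozen=True)
class Packet:
    src: str             # source address as the firewall sees it
    dport: int
    proto: str = "tcp"
    iface: str = "eth1"  # hypothetical LAN interface name
    state: str = "NEW"


def input_verdict(pkt: Packet) -> str:
    """Walk the quoted INPUT rules in order; the chain policy is DROP."""
    if pkt.iface == "lo":                           # -i lo -j ACCEPT
        return "ACCEPT"
    if pkt.state in ("ESTABLISHED", "RELATED"):     # -m state --state ...
        return "ACCEPT"
    if (pkt.proto == "tcp" and pkt.dport == PROXY_PORT
            and ipaddress.ip_address(pkt.src) in ALLOWED_SEGMENT):
        return "ACCEPT"                             # -s segment --dport port
    return "DROP"                                   # -P INPUT DROP


def seen_by_firewall(client: str, relay: Optional[str] = None) -> Packet:
    """A relaying program terminates the client's connection and opens its
    own, so the firewall only ever sees the relay host's address."""
    return Packet(src=relay or client, dport=PROXY_PORT)


def verdicts() -> dict:
    allowed, forbidden = "192.168.10.5", "192.168.20.7"  # constructed hosts
    return {
        "allowed host, direct": input_verdict(seen_by_firewall(allowed)),
        "forbidden host, direct": input_verdict(seen_by_firewall(forbidden)),
        "forbidden host via allowed host": input_verdict(
            seen_by_firewall(forbidden, relay=allowed)),
        "allowed host, other port": input_verdict(Packet(src=allowed, dport=22)),
    }


if __name__ == "__main__":
    for case, verdict in verdicts().items():
        print(f"{case:32} {verdict}")
```

The first and third cases produce identical packets at the filter, which is why the reply above treats the re-sharing as a policy matter rather than a rule-set matter.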




