On Wed, 19 Feb 2003, Raoul Beauduin wrote:
> I am trying to forbid outgoing ftp.
>
> the situation is like this:
>
> we have about 10 pc's connected to a local network 192.168.*.* ("my"
> network). we are going through a firewall to connect to internet.
> I want some students not being able at all to make an outgoing ftp to
> some foreign host and drop sensitive sources. but when i connect on
> their machine, i want to be able to make an any ftp i want.
> the deny of outgoing ftp must on be only for these students.
this strikes me as a futile exercise. if you prevent those students
from ftp'ing to one or more specific hosts to prevent them from
smuggling sensitive information out of your network, all they have
to do is find another host somewhere to act as a repository.
if you prevent only *some* students from doing this, they simply
have to ask one of their friends or colleagues to do it for them.
and if these students have access to these "sensitive" sources
in the first place, they can just make physical copies on floppy
or zip drive or something. or mail these sources to someone.
i'm sure others will show you how to use iptables to do what
you want. personally, i think you're fighting a losing battle
and should rethink what you're trying to accomplish.
rday
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
