restrict ip address

Dom Mitchell dom
Mon Jul 5 07:36:39 BST 1999


On Sun, Jul 04, 1999 at 05:35:11PM +0100, Kevin O'Connor wrote:
> Is there a quick and easy way to prevent access to my system based on IP
> address
> What I need is an exclusion list that's easy to set up and up date by
> none technical staff

Well, you can use TCP wrappers (In the base system in 3.1+, else
in the ports collection).  That should just require a text file
(/etc/hosts.deny) that needs to be edited.  You could set up the
staff so that they can edit it if they are in the right group. You
should also show them something like ee instead of vi!

If all that's still too technical for them, then consider getting
them to ftp a file containing a bare list of IP addresses to your
box and then running a shell script to transform it into a hosts.deny
file.  In fact, this is probably the better option, as you can then
switch to another bit of software more easily later, such as ipfw(8).

> Also does anyone know of an email filter that runs on FreeBSD to check
> for words I'm trying to push FreeBSD for mail and web use with in the
> local authority but keep coming up against people who want to use NT and
> all the third party filtering software that cost the earth and is way
> beyond the budget of most schools in the authority

You're probably looking at "write it yourself" here again.  Most modern
MTA (Mail Transport Agents) will be able to perform some kind of
filtering.  The most popular solution is sendmail+procmail, but I prefer
exim to sendmail, as I find it easier to deal with.  Have a look on
places like freshmeat.net for mail filters.
-- 
When I said "we", officer, I was referring to myself, the four young
ladies, and, of course, the goat.






More information about the Ukfreebsd mailing list