ham_se17 Tux's lil' helper
Joined: 20 Jul 2005 Posts: 131
Posted: Thu Aug 23, 2007 8:00 am Post subject: client server firewall (not iptables)
Hi,
I need a solution where we can install a firewall on clients and manage them from a local server or if you have a separate password. It is important that clients can't change the firewall! The firewall must only be editable if you have a separate password or from a local server (where you push the firewall to the clients).
We want the users to be able to have the root password to their workstations, but not to be able to change their firewall. Therefore we can't use iptables (you can edit iptables rules if you are root). Commercial products are OK too.
Any ideas?
Januszzz Guru
Joined: 04 Feb 2006 Posts: 367 Location: Opole, Poland
Posted: Thu Aug 23, 2007 11:03 am
Hmm,
have you considered Linux capabilities? I do not have strong orientation in it, but issuing e.g.
lcap CAP_NET_ADMIN (of course you have to emerge lcap first, which is only for x86 and ppc, but I use it on amd64 too)
drops network admin rights until the next reboot. There are other capabilities which you may find useful (CAP_NET_BIND_SERVICE, CAP_NET_RAW, CAP_SYS_RAWIO etc.)
I would say that finding any commercial solution for that would be rather hard, but I wish you luck.
Janusz.
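A way to check whether a capability drop like the one suggested in the reply above has taken effect, as an added example that is not part of the original thread: it decodes the Cap* masks in /proc/<pid>/status for the capabilities named there and separates "held now" from "can still be regained on exec". It assumes a kernel that exposes CapBnd in that file; the function names and the sample status text are constructed for illustration.

```python
import re

# Bit numbers from <linux/capability.h> for the capabilities named in the reply.
CAP_BITS = {"CAP_NET_BIND_SERVICE": 10, "CAP_NET_ADMIN": 12,
            "CAP_NET_RAW": 13, "CAP_SYS_RAWIO": 17}

def cap_sets(status_text):
    """Parse the Cap* hex masks out of /proc/<pid>/status text."""
    sets = {k: int(v, 16) for k, v in
            re.findall(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", status_text, re.M)}
    if "CapBnd" not in sets:
        raise ValueError("no CapBnd line in status text")
    return sets

def cap_state(status_text, name):
    """Classify one capability as 'held', 'regainable' or 'dropped'."""
    sets, bit = cap_sets(status_text), 1 << CAP_BITS[name]
    if (sets.get("CapEff", 0) | sets.get("CapPrm", 0)) & bit:
        return "held"        # usable right now, e.g. to change netfilter rules
    if sets["CapBnd"] & bit:
        return "regainable"  # a setuid-root or file-capability exec can grant it
    return "dropped"         # outside the bounding set: no exec can grant it

def report(status_text):
    """State of every capability in CAP_BITS for one process."""
    return {name: cap_state(status_text, name) for name in CAP_BITS}

def _status(prm, eff, bnd):
    # Build a minimal, constructed status text (not captured from a real host).
    return f"Name:\tbash\nCapInh:\t{0:016x}\nCapPrm:\t{prm:016x}\nCapEff:\t{eff:016x}\nCapBnd:\t{bnd:016x}\n"

FULL = 0x000001FFFFFFFFFF
NO_NET_ADMIN = FULL & ~(1 << CAP_BITS["CAP_NET_ADMIN"])

SAMPLE_ROOT = _status(FULL, FULL, FULL)              # ordinary root shell
SAMPLE_USER = _status(0, 0, FULL)                    # unprivileged user shell
SAMPLE_LOCKED = _status(NO_NET_ADMIN, NO_NET_ADMIN, NO_NET_ADMIN)  # root, capability removed

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        for cap, state in report(fh.read()).items():
            print(f"{cap:22} {state}")
```

A root shell that reports CAP_NET_ADMIN as "held" or "regainable" can still edit the rules; only "dropped" matches the state the reply describes.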