On Thu, Sep 21, 2006 at 09:40:56 -0300, "Marcelo Magno T. Sales" <marcelo.sales@xxxxxxxxxxxxxxx> wrote: > We use MS ISA server to restrict Internet access, by user and by application. > For example, I can set it up so that user A can access HTTP servers and use > instant messengers, while users from group B are allowed to access FTP > servers and users from group C are forbidden any access (users and groups are > stored in Active Directory). > > Is there a way to get the results I need using Linux clients? ipchains can have rules that check who the user is. There are some packets that won't have a user associated with them, but it should do a pretty reasonable job of doing what you want. If you want only specific programs to be used then you probably need to look at using SELinux. (There is a command feature in iptables, but this doesn't point to a specific file, but rather a command name. So that people can easily get around this restriction.)
