IP Acls?
3 posts
• Page 1 of 1
IP Acls?
by ralphy » Sun Nov 25, 2007 7:10 pm
I was wondering if it's possible (and if so, how?) to make a ruleset in the policy that allows only people in a specified GID to bind to an interface. For instance, users in group "users" allowed access to 198.168.1.100 while being denied the ability to use 192.168.1.101 unless they're in a group a special group, in which case they have access to both IPs. Is this possible?
- ralphy
- Posts: 52
- Joined: Wed Jan 11, 2006 12:51 pm
Re: IP Acls?
by cookiemonster » Wed Jun 25, 2008 2:25 pm
ralphy wrote:I was wondering if it's possible (and if so, how?) to make a ruleset in the policy that allows only people in a specified GID to bind to an interface. For instance, users in group "users" allowed access to 198.168.1.100 while being denied the ability to use 192.168.1.101 unless they're in a group a special group, in which case they have access to both IPs. Is this possible?
ralphy: you can do this through roles, your users would have to gradm to a special role where they will be allowed access. The notion of groups and users, I doubt you can do that.
- cookiemonster
- Posts: 8
- Joined: Wed Jun 25, 2008 1:15 pm
Re: IP Acls?
by spender » Thu Jun 26, 2008 12:50 pm
Make a group role, and in each subject in that role, make sure that your bind rules only allow binding to the specific IP you mentioned. Remember that the RBAC system supports virtual interface support as well (as described in the sample policy)
-Brad
-Brad
- spender
- Posts: 2185
- Joined: Wed Feb 20, 2002 8:00 pm
3 posts
• Page 1 of 1