On 28 Jul 2001, Randolph S. Kahle <[EMAIL PROTECTED]> wrote: >On 28 Jul 2001 19:01:07 +0200, Philipp Lehman wrote: >> On 28 Jul 2001, John Hasler <[EMAIL PROTECTED]> wrote: >> >> >Randy writes: >> >> The user will be able, from a user account, do a pon, poff, etc. to >> >> connect to the ISP. So, my challenge is to have the scripts run from >> >> user level security and install the firewall rules. >> > >> >> How do I do this? >> > >> >The scripts in /etc/ppp/ip-up.d and /etc/ppp/ip-down.d are run when ppp >> >comes up and goes down respectively. They are run by pppd and so run as >> >root no matter who ran pon and poff. >> >> Alternatively, he could use the interface as a filter target instead >> of the IP address. Should be fine on stand-alone machine with a single >> external interface. > > >Oh! I did not know I could do that. Are you saying that I could have the >ipchain rules read. > >$IPCHAINS -A tcpOutB -p tcp -s $NETWORK_PRIVATE $PORTS_UNPRIV \ > -d ppp0 $PORTS_WWW -j ACCEPT
That's basically right, although you should check 'man ipchains' for the correct syntax (it's '-i ppp0'). -- Philipp Lehman <[EMAIL PROTECTED]>
