F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
7.2 Access Control
You can use the proxy and other settings to control access based on the host and network.
Specify the settings as described below.
Access control uses tcpwrapper. For more information about tcpwrapper, run "man 5 hosts_access"
from the command line.
Setting examples:
123.456.789.123 999.999.999.999
Permit connections for the IP addresses "123.456.789.123" and "999.999.999.999".
host.domain.jp
Permit connections for the host name "host.domain.jp".
This does not permit connections for "xxx.host.domain.jp".
.domain.jp
Permit connections for host names that end in ".domain.jp".
This permits connections for "xxx.domain.jp", but not for "domain.jp".
domain.jp .domain.jp
Permit connections for "domain.jp" and domains that are part of "domain.jp".
This permits connections for both "xxx.domain.jp" and "domain.jp".
192.168.
192.168.0.0/255.255.0.0
Either form permits connections for addresses in the network 192.168.x.x, such as 192.168.3.4.
"255.255.255.255" cannot be specified as the netmask.
ALL
Permit connections from all hosts.
ALL EXCEPT 1.2.3.4 4.5.6.7
Permit connections from all IP addresses except 1.2.3.4 and 4.5.6.7.
ALL EXCEPT 192.168.0.0/255.255.0.0
Permit connections for networks other than 192.168.0.0/255.255.0.0.
.domain.jp EXCEPT 999.999.999.999 987.654.321.123
Permit connections for host names that end in ".domain.jp" unless the IP address is
999.999.999.999 or 987.654.321.123.
/etc/fsigk_allow_list.txt
Permit connections from addresses contained in the list file (/etc/fsigk_allow_list.txt). Specify each
address in the list file on a separate line or delimited by spaces.
ALL EXCEPT /etc/fsigk_deny_list.txt
Block connections from addresses or hosts contained in the list file (/etc/fsigk_deny_list.txt) and
permit all other connections. Specify each address in the list file on a separate line or delimited by
spaces.
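The matching rules in the setting examples above can be checked offline before a rule is put into production. The following is an added example, not F-Secure or tcpwrapper code: a small Python model of those rules, in which the function names, the sample clients and the single-EXCEPT limitation are assumptions of the example.

```python
import ipaddress

def match_one(pat, host, addr):
    """Match one pattern against a client's host name and IPv4 address."""
    if pat == "ALL":
        return True
    if pat.startswith("/"):        # list file: patterns split by newline or space
        with open(pat) as f:
            return any(match_one(p, host, addr) for p in f.read().split())
    if pat.startswith("."):        # ".domain.jp": host name suffix
        return host.lower().endswith(pat.lower())
    if pat.endswith("."):          # "192.168.": leading octets of the address
        return addr.startswith(pat)
    if "/" in pat:                 # "net/mask": net == address AND mask
        net, mask = pat.split("/", 1)
        if mask == "255.255.255.255":
            raise ValueError("255.255.255.255 cannot be specified as the netmask")
        a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, net, mask))
        return (a & m) == n
    return pat.lower() == host.lower() or pat == addr   # exact name or address

def permitted(rule, host, addr):
    """Evaluate 'patterns [EXCEPT patterns]' (a single EXCEPT only)."""
    tokens = rule.split()
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    allow, deny = tokens[:cut], tokens[cut + 1:]
    return (any(match_one(p, host, addr) for p in allow)
            and not any(match_one(p, host, addr) for p in deny))

# Constructed sample clients: (resolved host name, source address)
CLIENTS = [("xxx.domain.jp", "192.168.3.4"), ("domain.jp", "203.0.113.7"),
           ("xxx.host.domain.jp", "1.2.3.4")]
RULES = [".domain.jp", "domain.jp .domain.jp", "host.domain.jp", "192.168.",
         "ALL EXCEPT 192.168.0.0/255.255.0.0", "ALL EXCEPT 1.2.3.4 4.5.6.7"]

def decision_table():
    """Return {(rule, host): permitted?} for every rule and sample client."""
    return {(r, h): permitted(r, h, a) for r in RULES for h, a in CLIENTS}

if __name__ == "__main__":
    for (rule, host), ok in decision_table().items():
        print(f"{rule:38} {host:20} {'permit' if ok else 'deny'}")
```

Host name patterns in tcpwrapper depend on the name resolved for the client address, so address and netmask patterns give the more predictable result when restricting access.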