Appendix B: Netperm Table
To implement this policy, you could create a more restrictive policy:
1. #define inside hosts who will use the policy
2. *: permit-hosts 204.255.154.0:255.255.255.128 -policy restrictive
3. #define the policy
4. policy-restrictive: permit-proxy tn-gw rlogin-gw
5. policy-restrictive: permit-destination 192.33.112.*
6. policy-restrictive: authenticate *
7. policy-restrictive: auth server 127.0.0.1
Line 2 indicates that all proxies and applications (*) should use the restrictive policy for
requests from the designated subnet. If you specify the policy for only the TELNET
(tn-gw) and rlogin (rlogin-gw) proxies instead of for all (*), all other proxies (such as the
HTTP and FTP proxies) skip this policy and use another policy.
Line 4 indicates that this policy permits the TELNET and rlogin proxies. All other proxies
with requests from hosts within 204.255.154.0:255.255.255.128 deny the request after
parsing this line.
Line 5 indicates that these proxies can send requests to the set of destinations:
192.33.112.*. The TELNET and rlogin proxies deny requests to any other destinations
after parsing this line.
Lines 6 and 7 indicate that users on these networks must authenticate with the
authentication server on the firewall.
Put this policy above the inside policy so the proxies will use these rules rather than the
more generous inside policy. You may also want to create a matching restrictive outside
policy to restrict access from outside networks to this internal subnet.
Note that this type of policy may not prevent users on this inside network from reading
news and sending e-mail. The recommended setup for the Gauntlet firewall calls for
central mail and news servers on the inside networks. The news readers and mail agents
on the restricted subnet communicate directly with the news and mail servers. These
servers, which are not on the restricted subnet, communicate with the firewall.
If you are running mail and news servers on the firewall, this more restrictive policy
denies e-mail and news activities from the restricted subnet.
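The policy selection described above, as an added Python example that is not part of the Gauntlet guide or product: a simplified first-match model in which a proxy picks a policy from the permit-hosts lines and then applies permit-proxy, permit-destination and authenticate. It shows why the restrictive policy must sit above the inside policy. The contents of the inside policy and the helper names (parse, host_matches, decide) are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Lines 2 and 4-6 of the listing above, plus a CONSTRUCTED "inside" policy
# (its contents are an assumption; the guide's inside policy is not shown here).
TABLE = """\
*: permit-hosts 204.255.154.0:255.255.255.128 -policy restrictive
*: permit-hosts 204.255.154.* -policy inside
policy-restrictive: permit-proxy tn-gw rlogin-gw
policy-restrictive: permit-destination 192.33.112.*
policy-restrictive: authenticate *
policy-inside: permit-proxy tn-gw rlogin-gw http-gw ftp-gw
policy-inside: permit-destination *
"""
_l = TABLE.splitlines()
INSIDE_FIRST = "\n".join([_l[1], _l[0]] + _l[2:])  # same rules, wrong order

def parse(table):
    """Return (keyword, words) pairs, skipping blank lines and # comments."""
    rules = []
    for line in table.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, _, rest = line.partition(":")
            rules.append((key.strip(), rest.split()))
    return rules

def host_matches(pattern, ip):
    if ":" in pattern:  # address:netmask form, as on line 2 of the listing
        net = ipaddress.ip_network(pattern.replace(":", "/"), strict=False)
        return ipaddress.ip_address(ip) in net
    return fnmatchcase(ip, pattern)  # wildcard form such as 192.33.112.*

def decide(table, proxy, src, dst):
    """Return (policy, verdict, auth_required) under first-match semantics."""
    rules, policy = parse(table), None
    for key, words in rules:
        if words[:1] == ["permit-hosts"] and "-policy" in words and fnmatchcase(proxy, key):
            cut = words.index("-policy")
            if any(host_matches(p, src) for p in words[1:cut]):
                policy = words[cut + 1]
                break  # the first matching permit-hosts line selects the policy
    if policy is None:
        return (None, "deny", False)
    # Collect the policy's attributes; reversed() lets the first occurrence win.
    attrs = {w[0]: w[1:] for k, w in reversed(rules) if k == "policy-" + policy and w}
    if proxy not in attrs.get("permit-proxy", []):
        return (policy, "deny", False)
    if not any(fnmatchcase(dst, p) for p in attrs.get("permit-destination", [])):
        return (policy, "deny", False)
    return (policy, "permit", "authenticate" in attrs)
```

With INSIDE_FIRST, a host at 204.255.154.10 falls under the broader inside policy and reaches the HTTP proxy without authenticating, which is the outcome the ordering advice is meant to prevent.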
Source: Gauntlet for IRIX Administrator's Guide, Document Number 007-2826-004