Appendix B: Netperm Table
3. Add the extended-permissions attribute to the appropriate policy or proxy, indicating that the authentication server should check information specified by the operations keyword.
For example, Yoyodyne wants to deny TELNET between 5:00 pm and 11:00 pm:
55 authsrv: deny-operation user * tn-gw * * time 17:00 23:00
56 authsrv: permit-operation user * tn-gw * *
100 tn-gw: authenticate *
101 tn-gw: extended-permissions *
Line 55 denies TELNET access between 5:00 pm and 11:00 pm.
Line 56 permits TELNET access. You must include this rule because you must explicitly
permit operations when you specify extended permissions.
The deny rule must appear before the permit rule because the proxies use the first
matching rule. If you specify the permit rule before the deny rule, the authentication
server would never read the deny rule, because the permit rule matches all TELNET
operations.
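The ordering rule above, shown as an added example (not code from the Gauntlet guide or product): a simplified Python model of first-match evaluation over lines 55 and 56, plus a check that flags rules made unreachable by an earlier rule. The field order (user or group, name, service, destination, options, optional time window), the start-inclusive window, and the sample user and host names are assumptions for illustration.

```python
from datetime import time
from fnmatch import fnmatchcase

# Lines 55 and 56 from the page, and the same two rules in the wrong order.
CORRECT = """\
authsrv: deny-operation user * tn-gw * * time 17:00 23:00
authsrv: permit-operation user * tn-gw * *
"""
REVERSED = "\n".join(reversed(CORRECT.splitlines()))

def parse(table):
    """Parse authsrv operation rules (assumed field order, see lead-in)."""
    rules = []
    for line in table.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "authsrv:" or not f[1].endswith("-operation"):
            continue
        rule = {"action": f[1].split("-")[0], "user": f[3], "service": f[4],
                "dest": f[5], "window": None}
        if "time" in f[7:]:
            i = f.index("time", 7)
            rule["window"] = (time.fromisoformat(f[i + 1]),
                              time.fromisoformat(f[i + 2]))
        rules.append(rule)
    return rules

def decide(rules, user, service, dest, now):
    """First matching rule wins; with no match the operation is denied."""
    for i, r in enumerate(rules):
        fields_match = (fnmatchcase(user, r["user"])
                        and fnmatchcase(service, r["service"])
                        and fnmatchcase(dest, r["dest"]))
        # Assumption: the window is start-inclusive and does not span midnight.
        in_window = r["window"] is None or r["window"][0] <= now < r["window"][1]
        if fields_match and in_window:
            return r["action"], i
    return "deny", None

def shadowed(rules):
    """Indexes of rules that an earlier, broader rule makes unreachable."""
    def covers(a, b):  # conservative: handles only '*' or identical fields
        return a["window"] is None and all(
            a[k] in ("*", b[k]) for k in ("user", "service", "dest"))
    return [j for j, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:j])]

if __name__ == "__main__":
    for name, table in (("correct", CORRECT), ("reversed", REVERSED)):
        rules = parse(table)
        print(name, decide(rules, "alice", "tn-gw", "host.example", time(18, 0)),
              "unreachable rules:", shadowed(rules))
```

With the rules reversed, the 6:00 pm TELNET request is permitted by the first rule and the deny rule is reported as unreachable.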
Denying Access to a Host or Network
You can deny access to a particular host or network on a proxy or general basis.
Denying Access by Proxy
To deny access by proxy:
• Add a deny-destination line to the specific proxy.
For example, Yoyodyne does not want anyone on the inside networks to FTP files from
any hosts at Big University:
55 ftp-gw: deny-destination *.bigu.edu
Denying Access in General
You can also deny access to a particular host or network for all proxies and applications.