From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LLhwZ-0001SP-4J for garchives@archives.gentoo.org; Sat, 10 Jan 2009 17:48:20 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 50261E02A1; Sat, 10 Jan 2009 17:48:16 +0000 (UTC) Received: from mail-bw0-f12.google.com (mail-bw0-f12.google.com [209.85.218.12]) by pigeon.gentoo.org (Postfix) with ESMTP id 0368DE02A1 for ; Sat, 10 Jan 2009 17:48:15 +0000 (UTC) Received: by bwz5 with SMTP id 5so19533966bwz.10 for ; Sat, 10 Jan 2009 09:48:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=BYo1QxjeOORpODs3/RDBzUJLI9lzAC8XZbZGrRFTI/Y=; b=C+Ve/o8Equ0ssgb3N4MGhyCPjRKLbmFOoLNfu3ZQ1qnMIrFVN925MxnmGPesMhthZE KZixoNdXZXGYQF6fJLTLxqo4Fy1h5yXfoOCFalZ45TfA1DviGGwYmR3wBMJwDICnEwHR QCHUTDDicQ9rMhdhUdtHd1mvwm9KHVbO7zDzk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=kQ2rtm8h5oPXKPhA5pyIUFUjeXd4ky2P0fVSd2egG5xv3MqjTTo+rzmehxOZNlSMFM xEoFEFa6p1+1P87ziVjgun0K+Iwcm6f5kvKXl8yHYiSMsTvSY5C4X5fx0cFfqy80OV7m SzQ2Ty97yv3d3bX9fHeP5KReSL6scxkPUOwW8= Received: by 10.181.216.14 with SMTP id t14mr9275807bkq.8.1231609694999; Sat, 10 Jan 2009 09:48:14 -0800 (PST) Received: by 10.181.16.3 with HTTP; Sat, 10 Jan 2009 09:48:10 -0800 (PST) Message-ID: <49bf44f10901100948x5ad0087ag93feadefce0385ad@mail.gmail.com> Date: Sat, 10 Jan 2009 09:48:10 -0800 From: Grant To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Restricting Firefox website access In-Reply-To: <20090110101854.4ed996d1@fraggod.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <49bf44f10901071344l3f081b8dmaa6353b41fb59f4@mail.gmail.com> <58965d8a0901071354l76bea08o328361031ff58ac8@mail.gmail.com> <854dca5c0901081257u25c6dee0j7871901221592a95@mail.gmail.com> <49bf44f10901091040t6c1920c4kbd504920e256ac20@mail.gmail.com> <20090110101854.4ed996d1@fraggod.net> X-Archives-Salt: d019311b-f426-4fb6-bd02-32445a02603c X-Archives-Hash: f7c713794bb8a570d6261fec1861e401 >> > You could use iptables to block all traffic headed to port 80 with >> > exceptions for the domains you need. >> >> Would that cause problems with fetching packages for emerges? >> >> - Grant >> > > Why not just put a limit to a traffic from/to a specific user > account(s) or groups, leaving root unrestricted? > > Makes sense, since root would be able to lift any restriction, anyway ;) That sounds good, how can I do that? - Grant