There is no "rule" that will allow this; you would need a proxy, e.g. squid, and just manage its ACLs conventionally and effectively. And you need to ensure that ONLY the proxy can reach the internet.
You could use a firewall instead of a proxy if your requirements differ from just web access.
And note that users do not have IP addresses, computers do. You never know who the user really is. I know this is obvious, but it's easily forgotten in many security models.
Last edited by acid_kewpie; 02-19-2012 at 01:19 PM.
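An illustration of the setup the post above describes, added here as an example and not taken from the post or its author: a minimal squid.conf in which a source-address ACL limits which computers may use the proxy and an authentication ACL identifies the user. The subnet, port, realm, helper path and password file are assumptions and vary by distribution and Squid version.

```conf
# Constructed example: every address, port and path below is a placeholder.
http_port 3128

# A src ACL matches computers (addresses), not people.
acl lan_hosts src 192.168.10.0/24

# Knowing who the user is requires authentication at the proxy.
# Helper name and location differ between Squid versions and distributions.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authed_users proxy_auth REQUIRED

# Restrict destinations to ordinary web ports.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !lan_hosts
http_access allow authed_users
http_access deny all

# These ACLs only bind clients that actually go through Squid. The gateway
# firewall must separately drop forwarded traffic from the LAN so that the
# proxy host is the only machine with a path to the internet.
```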