Date: Sun, 04 Feb 2007 12:25:05 +0100
From: Erik Norgaard <norgaard@locolomo.org>
To: Noah <admin2@enabled.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: temporary IP addition to firewall rules
Message-ID: <45C5C291.30608@locolomo.org>
In-Reply-To: <45C53C7A.30805@enabled.com>
References: <45C53C7A.30805@enabled.com>
Noah wrote:
> Does anybody have a recommendation for a program out there that would
> allow somebody to enter an account and password on my website, their IP
> address is cached, and the cached IP address is added temporarily to the
> firewall ruleset to be allowed.

I am not aware of anything that works like that; pfauth may do the job for you, but not using a web site.

Generally the problem is that web pages are stateless, so your firewall won't know when to remove the IP again.

You can hack up a solution that does sort of the same:

- let your web page manage accounts; the web server can get the IP of the client registering and hence also the corresponding MAC.
- tell your DHCP server not to expire IP delegations, or make host entries with the registered IP/MAC, but that requires the DHCP server to be restarted at every new client.
- make a static entry in your ARP table to prevent others from taking over the IP later.

People will only need to authenticate the first time. You can decide to expire their accounts and revoke access after a given time with a cron job if you like.

Alternatively, require people to connect with an IPSec tunnel and allow only tunneled traffic to be routed. When they register, a set of keys is generated for use with that client only. This is really the ideal, as you can for example leave an AP open, yet have traffic encrypted.

Cheers, Erik
--
Ph: +34.666334818
web: http://www.locolomo.org
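The "hack up a solution" path sketched in the reply above, written out as an added worked example (this is not code from the post, from FreeBSD, or from authpf/pfauth): the web server looks up the MAC behind the client IP it saw at login, pins it with a static ARP entry, adds the IP to a pf table, and a periodic pass revokes grants older than a TTL, which is how the "stateless web page" problem gets an explicit expiry. Everything named here is an assumption: a pf table called `<authenticated>` already referenced by a `pass` rule in pf.conf, an eight-hour TTL, and a constructed sample of `arp -an` output.

```python
"""Web-login-to-pf whitelist with MAC pinning and TTL-based revocation.

Example code, not from the original post. Assumed: pf.conf contains
`table <authenticated> persist` plus a pass rule for it, and the web
server runs on the same L2 segment as its clients (needed for the ARP lookup).
"""
import re
import subprocess
import time
from dataclasses import dataclass

PF_TABLE = "authenticated"   # assumed table name from pf.conf
TTL = 8 * 3600               # assumed: revoke a login after eight hours

# One line of FreeBSD `arp -an` output looks like
#   ? (192.168.1.10) at 00:11:22:33:44:55 on em0 expires in 1191 seconds [ethernet]
# and an address nobody answered for looks like
#   ? (192.168.1.99) at (incomplete) on em0 expired [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Map IP -> lowercased MAC from `arp -an` output; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def lookup_mac(ip, arp_text):
    """MAC the host currently sees for a client IP; fails if the client is not directly attached."""
    mac = parse_arp_table(arp_text).get(ip)
    if mac is None:
        raise LookupError(f"{ip}: no complete ARP entry; client is not on a directly attached segment")
    return mac


@dataclass
class Grant:
    ip: str
    mac: str
    granted_at: float      # time.time() when the web login succeeded


def grant_commands(g):
    """Run after a successful web login: pin the IP to the MAC, then open the firewall."""
    return [
        ["arp", "-S", g.ip, g.mac],                    # static entry, replaces any dynamic one
        ["pfctl", "-t", PF_TABLE, "-T", "add", g.ip],
    ]


def revoke_commands(g):
    """Run by the periodic pass: close the firewall, then drop the static ARP entry."""
    return [
        ["pfctl", "-t", PF_TABLE, "-T", "delete", g.ip],
        ["arp", "-d", g.ip],
    ]


def expire_pass(grants, now, ttl=TTL):
    """Split grants into (still valid, expired) so a cron job can revoke the latter."""
    valid = [g for g in grants if now - g.granted_at < ttl]
    expired = [g for g in grants if now - g.granted_at >= ttl]
    return valid, expired


def run(commands, dry_run=True):
    """Execute as root on the firewall host; dry_run only prints the commands."""
    for argv in commands:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)


# Constructed sample of `arp -an` output (not captured from a real host).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0c:29:aa:bb:cc on em0 permanent [ethernet]
? (192.168.1.10) at 00:11:22:33:44:55 on em0 expires in 1191 seconds [ethernet]
? (192.168.1.99) at (incomplete) on em0 expired [ethernet]
"""

if __name__ == "__main__":
    client_ip = "192.168.1.10"                         # what the web server saw in REMOTE_ADDR
    g = Grant(client_ip, lookup_mac(client_ip, SAMPLE_ARP), time.time())
    run(grant_commands(g))                             # dry run: prints the arp/pfctl commands
    still_valid, to_revoke = expire_pass([g], now=g.granted_at + TTL + 1)
    for old in to_revoke:
        run(revoke_commands(old))
```

In production the grants would be persisted (a small file or database written by the web application) and `expire_pass` called from cron with `dry_run=False`, which is the "revoke access after a given time with a cron job" step. Two limits worth keeping in mind: the ARP lookup only works when the web server shares a segment with the clients, and a static ARP entry stops another host from claiming the IP later but does nothing against a client that spoofs the registered MAC, which is part of why the IPsec alternative in the reply is the stronger design.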
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C5C291.30608>
