From owner-freebsd-questions@FreeBSD.ORG Sun Sep 17 23:29:02 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A155C16A412 for ; Sun, 17 Sep 2006 23:29:02 +0000 (UTC) (envelope-from danielby@slightlystrange.org) Received: from catflap.slightlystrange.org (cpc3-cmbg1-0-0-cust506.cmbg.cable.ntl.com [82.21.101.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id E0A1243D5D for ; Sun, 17 Sep 2006 23:29:01 +0000 (GMT) (envelope-from danielby@slightlystrange.org) Received: from danielby by catflap.slightlystrange.org with local (Exim 4.63 #0) id 1GP64C-0004kQ-Lh by authid for ; Mon, 18 Sep 2006 00:28:52 +0100 Date: Mon, 18 Sep 2006 00:28:52 +0100 From: Daniel Bye To: freebsd-questions@freebsd.org Message-ID: <20060917232852.GA2390@catflap.slightlystrange.org> Mail-Followup-To: freebsd-questions@freebsd.org References: <450C7555.6050502@enabled.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="/9DWx/yDrRhgMJTb" Content-Disposition: inline In-Reply-To: <450C7555.6050502@enabled.com> User-Agent: Mutt/1.4.2.2i X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: danielby@slightlystrange.org X-SA-Exim-Scanned: No (on catflap.slightlystrange.org); SAEximRunCond expanded to false Subject: Re: ipfw and temporary port access X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Sep 2006 23:29:02 -0000 --/9DWx/yDrRhgMJTb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 16, 2006 at 03:06:13PM -0700, Noah wrote: > Hi there, >=20 > I am trying to figure out how to open a port temporarily for a specific= =20 > IP who is able to provide a proper username and password on the website= =20 > of the box. After authentication is verified then the IP address is=20 > cached and temporarily allowed to access a specific port on the=20 > server. This temporary firewall changes would be handled by ipfw. >=20 > Any clues if a system like this is a already coded and out there somewher= e? Take a look at security/doorman or security/knock, both of which might fit the bill. Dan --=20 Daniel Bye PGP Key: http://www.slightlystrange.org/pgpkey-dan.asc PGP Key fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --/9DWx/yDrRhgMJTb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFDdo0ixf5fBYiFmoRAo8+AJ0XTzmPK9jSzRL+bPkFuJE8jaDWSQCgloJT kiqwX2VxEY7kcUXAcrhNUUY= =Zw9L -----END PGP SIGNATURE----- --/9DWx/yDrRhgMJTb--