Date: Tue, 21 May 2002 10:36:46 -0400
From: Scott Ullrich <sullrich@CRE8.COM>
To: "'Mire, John'" <jmire@lsuhsc.edu>, Scott Ullrich <sullrich@CRE8.COM>, 'John Angelmo' <john@veidit.net>, net@freebsd.org
Subject: RE: "dynamic" ipfw
Message-ID: <2F6DCE1EFAB3BC418B5C324F13934C96016C9B61@exchange.corp.cre8.com>

John,

What do you mean by does it do anything? Currently all three projects are working and we are in the process of finishing new versions. ;)

-Scott

-----Original Message-----
From: Mire, John [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

nice project page, does it do anything?

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain MAC addresses with your IPFW rules.

Now regarding the hostname to IP address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this.

Good luck!

-Scott

> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to flush but can
> I remove it in the same way?
>
> now let's say I have a user that only needs access to its mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here right?)
>
> Now mail.user.com uses round robin so the IP changes from request to
> request but doesn't the IPFW resolve the IP when it's added to the rules,
> how can this be solved for the user?
>
> /John
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
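
An added example, not part of the thread and not EtherFirewall code: ipfw resolves a hostname once, when the rule is added, so one way to follow a round-robin name is to re-resolve it periodically and reconcile a reserved block of numbered rules, deleting stale ones by rule number instead of flushing. The rule block 20000-20099, the client address, the use of tcp for the port match and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: reconcile ipfw rules with a hostname's current A records.
# BASE/LIMIT (reserved rule block), CLIENT and PORT are assumptions.
BASE=20000; LIMIT=20099
CLIENT=10.0.0.5   # constructed client address
PORT=110          # pop3

# plan_sync RULES IPS
#   RULES: text in `ipfw list` form, e.g.
#          "20000 allow tcp from 192.0.2.10 110 to 10.0.0.5"
#   IPS:   space-separated addresses the name resolves to right now
# Prints the ipfw commands to run (deletes first); changes nothing itself.
plan_sync() {
    # A failed lookup must not be read as "delete every rule".
    [ -n "$2" ] || { echo "no addresses resolved, rules left alone" >&2; return 2; }
    printf '%s\n' "$1" | awk -v want="$2" -v base="$BASE" -v limit="$LIMIT" \
        -v client="$CLIENT" -v port="$PORT" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    # Only rules inside the reserved block are ever considered.
    $1 + 0 >= base && $1 + 0 <= limit && $4 == "from" {
        num = $1 + 0; src = $5
        if (src in need) { delete need[src]; used[num] = 1 }  # still current
        else print "ipfw -q delete " num                       # stale address
    }
    END {
        slot = base
        for (i = 1; i <= n; i++) {
            ip = w[i]
            if (!(ip in need)) continue        # already has a rule
            while (slot in used) slot++        # next free rule number
            if (slot > limit) { print "rule block full" > "/dev/stderr"; exit 1 }
            print "ipfw -q add " slot " allow tcp from " ip " " port " to " client
            used[slot] = 1; delete need[ip]
        }
    }'
}

# Constructed sample: .10 dropped out of the rotation, .12 joined it.
SAMPLE_RULES='20000 allow tcp from 192.0.2.10 110 to 10.0.0.5
20001 allow tcp from 192.0.2.11 110 to 10.0.0.5
65535 deny ip from any to any'
plan_sync "$SAMPLE_RULES" "192.0.2.11 192.0.2.12"
```

Feed it the real `ipfw list` output and the addresses your resolver returns, review the printed plan, then pipe it to `sh` from a periodic job. Rules outside the reserved block are never touched, and an empty lookup result leaves the existing rules in place.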