Date:      Tue, 21 May 2002 10:36:46 -0400
From:      Scott Ullrich <sullrich@CRE8.COM>
To:        "'Mire, John'" <jmire@lsuhsc.edu>, Scott Ullrich <sullrich@CRE8.COM>, 'John Angelmo' <john@veidit.net>, net@freebsd.org
Subject:   RE: "dynamic" ipfw
Message-ID:  <2F6DCE1EFAB3BC418B5C324F13934C96016C9B61@exchange.corp.cre8.com>

John,
 
What do you mean by does it do anything?  Currently all three projects are
working and we are in the process of finishing new versions. ;)
 
-Scott

-----Original Message-----
From: Mire, John [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw


nice project page, does it do anything?

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw



Check out http://www.bsdshell.com's EtherFirewall project.  It will allow
you to maintain MAC addresses with your IPFW rules.

Now regarding the hostname to IP address conversion for firewall rules.  I
have a feeling it is translating the IP address at the time of entry so this
is not really going to work for your round-robin situation.  EtherFirewall
is the clear choice for this.

Good luck! 

-Scott 


> -----Original Message----- 
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM 
> To: net@freebsd.org 
> Subject: "dynamic" ipfw 
> 
> 
> Hello 
> 
> I have a small problem with IPFW 
> 
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to flush but can
> I remove it in the same way?
>
> now let's say I have a user that only needs access to its mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here right?)
>
> Now mail.user.com uses round-robin so the IP changes from request to
> request but doesn't the IPFW resolve the IP when it's added to the rules,
> how can this be solved for the user?
> 
> /John 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org 
> with "unsubscribe freebsd-net" in the body of the message 
> 
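
ipfw resolves a hostname once, when the rule is added, so a round-robin name has to be re-resolved on a schedule and its rules rewritten. The sketch below is an added example, not part of the original messages or of EtherFirewall: `plan_refresh`, rule number 2000 and the 192.0.2.x / 10.0.0.5 addresses are constructed for illustration, and it prints the `ipfw` commands instead of running them.

```shell
#!/bin/sh
# Plan ipfw rule changes for a hostname whose address set changes over time.
# All rules for the name share one dedicated rule number, so they can be
# removed with a single "ipfw delete <number>" and no flush of the ruleset.

# normalize "addr addr ...": one address per line, sorted, de-duplicated
normalize() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed '/^$/d' | sort -u
}

# plan_refresh RULE CLIENT PORT "previous addrs" "freshly resolved addrs"
#   prints the ipfw commands to run; prints nothing if the set is unchanged
#   returns 1 if resolution came back empty (keep the existing rules)
#   returns 2 if an "address" contains anything but digits and dots
plan_refresh() {
    rule=$1 client=$2 port=$3
    old=$(normalize "$4")
    new=$(normalize "$5")

    # A failed lookup must not silently remove the user's access.
    [ -z "$new" ] && return 1

    # Resolver output ends up on a root command line: accept IPv4 text only.
    [ -n "$(printf '%s' "$new" | tr -d '0-9.\n')" ] && return 2

    # Same set as last time: nothing to do.
    [ "$old" = "$new" ] && return 0

    # Drop the old rules (only if some were installed), then add the new set.
    [ -n "$old" ] && echo "ipfw -q delete $rule"
    for addr in $new; do
        echo "ipfw -q add $rule allow tcp from $addr $port to $client"
    done
}

# Constructed demo: the POP3 server moved from one address to two.
plan_refresh 2000 10.0.0.5 110 "192.0.2.10" "192.0.2.11 192.0.2.10"
```

Run from cron with the resolver's current answers as the last argument and the previous run's answers as the fourth; there is a short gap between the delete and the adds during which the rule is absent.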

