Date: Tue, 21 May 2002 09:36:56 -0500
From: "Mire, John" <jmire@lsuhsc.edu>
To: 'Scott Ullrich' <sullrich@CRE8.COM>, "Mire, John" <jmire@lsuhsc.edu>, 'John Angelmo' <john@veidit.net>, net@freebsd.org
Subject: RE: "dynamic" ipfw
Message-ID: <DAC809EAC7E4594AA0696EF512F6ABF10AA73915@sh-exch>
a search on google did not turn up anything for me and the webpage is just a
page with seiki on it and no other links:
<html>
<head>
<title>seiki</title>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p align="center"></p>
<div align="center">
<center>
<table border="0" cellpadding="20" cellspacing="0" width="100%"
height="100%">
<tr>
<td width="100%" height="100%">
<p align="center"><img border="0" src="seiki.gif" align="center"
width="413" height="173"></td>
</tr>
</table>
</center>
</div>
</body>
</html>
-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Tuesday, May 21, 2002 9:37 AM
To: 'Mire, John'; Scott Ullrich; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw
John,
What do you mean by does it do anything? Currently all three projects are
working and we are in the process of finishing new versions. ;)
-Scott
-----Original Message-----
From: Mire, John [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw
nice project page, does it do anything?
-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw
Check out http://www.bsdshell.com's
EtherFirewall project. It will allow you to maintain MAC addresses with
your IPFW rules.
Now regarding the hostname to IP address conversion for firewall rules. I
have a feeling it is translating the IP address at the time of entry so this
is not really going to work for your round-robin situation. EtherFirewall
is the clear choice for this.
Good luck!
-Scott
> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to flush but can
> I remove it in the same way?
>
> now let's say I have a user that only needs access to its mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here right?)
>
> Now mail.user.com uses round-robin so the IP changes from request to
> request but doesn't the IPFW resolve the IP when it's added to the rules,
> how can this be solved for the user?
>
> /John
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>
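
An added example, not part of the original thread or of any project named in it: because ipfw resolves a hostname once, when the rule is added, one way to follow a round-robin name is to have the rule reference an ipfw lookup table (a feature newer than this 2002 thread) and periodically reconcile that table with fresh DNS answers. The table number 10, rule number 2000, the function names and the 192.0.2.x addresses are assumptions; the function only prints the ipfw commands, so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a rule that matches on a
# lookup table instead of a hostname, e.g.:
#   ipfw add 2000 allow tcp from 'table(10)' 110 to 192.0.2.50
# and that table 10 already exists. All numbers/addresses are constructed.
TABLE=10

# Split a whitespace-separated list and keep only well-formed dotted-quad
# IPv4 addresses, one per line, sorted and de-duplicated. Anything else
# (error text from the resolver, hostnames, out-of-range octets) is dropped
# so it can never reach an ipfw command line.
valid_ipv4() {
    printf '%s\n' "$1" | tr -s ' \t' '\n' | awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' | sort -u
}

# sync_table TABLE "current members" "freshly resolved addresses"
# Prints the add/delete commands that make the table equal to the new
# answer set. No flush is needed: entries are added and removed one by one.
sync_table() {
    table=$1
    current=$(valid_ipv4 "$2")
    wanted=$(valid_ipv4 "$3")

    # Policy choice: an empty or unusable DNS answer leaves the table as it
    # is rather than removing every address and cutting the user off.
    if [ -z "$wanted" ]; then
        echo "# no valid addresses resolved; table $table left unchanged"
        return 1
    fi

    for ip in $wanted; do      # resolved now but not yet allowed
        printf '%s\n' "$current" | grep -qxF "$ip" ||
            echo "ipfw table $table add $ip"
    done
    for ip in $current; do     # allowed but no longer in the answer set
        printf '%s\n' "$wanted" | grep -qxF "$ip" ||
            echo "ipfw table $table delete $ip"
    done
    return 0
}
```

The resolved list can come from something like `host -t A mail.user.com | awk '/has address/ {print $4}'`, run from cron at an interval no longer than the record's TTL. An allow rule driven by DNS trusts whoever controls those answers, so use a resolver you trust.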
