tech-net: Re: Building IP-login (ipfw or what)

Subject: Re: Building IP-login (ipfw or what)
To: Ian Fry <Ian.Fry@sophos.com>
From: Petter Lindquist <pollen@astrakan.hig.se>
List: tech-net
Date: 04/04/2003 15:32:06

On Fri, 4 Apr 2003, Ian Fry wrote:

> What about the 'auth' stuff in ipf? It's mentioned in the manpage, but I
> haven't seen any examples - perhaps there are some on IPFilter's home
> page?

Thanks. This can probably do what i want.


from 'man ipf'
       -P     Add rules as temporary entries in  the  authentica-
              tion rule table.


from 'man ipf.conf'
       preauth
              tells the filter that for packets of this class, it
              should  look in the pre-authenticated list for fur-
              ther clarification.  If no further matching rule is
              found,  the  packet will be dropped (the FR_PREAUTH
              is not the same as FR_PASS).  If a further matching
              rule  is found, the result from that is used in its
              instead.  This might be used in a situation where a
              person  logs in to the firewall and it sets up some
              temporary rules defining the access for  that  per-
              son.

--=20
/P=E5llen - http://www.astrakan.hig.se/~pollen
          telnet://mumindalen.astrakan.hig.se