From owner-freebsd-questions  Mon Jun 17  3: 4: 8 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from rhadamanth.submonkey.net (pc1-card5-0-cust12.cdf.cable.ntl.com [80.3.216.12])
	by hub.freebsd.org (Postfix) with ESMTP id 6D57E37B40F
	for <freebsd-questions@freebsd.org>; Mon, 17 Jun 2002 03:04:05 -0700 (PDT)
Received: from setantae by rhadamanth.submonkey.net with local (Exim 3.36 #1)
	id 17JtMe-0001iD-00; Mon, 17 Jun 2002 11:04:00 +0100
Date: Mon, 17 Jun 2002 11:04:00 +0100
From: Ceri Davies <setantae@submonkey.net>
To: Darren Pilgrim <dmp@pantherdragon.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: "Login for services" ipf/ipfw rule creation?
Message-ID: <20020617100400.GB6360@submonkey.net>
Mail-Followup-To: Ceri Davies <setantae@submonkey.net>,
	Darren Pilgrim <dmp@pantherdragon.org>, freebsd-questions@freebsd.org
References: <3D0DB0DC.2A7F8E1E@pantherdragon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D0DB0DC.2A7F8E1E@pantherdragon.org>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, Jun 17, 2002 at 02:50:20AM -0700, Darren Pilgrim wrote:
> I have this idea to let people gain access to my server.  The idea is to
> have a web-page where they enter their username and password, and select
> which services they want access to and for how long.  The script would
> then create a stateful firewall rule for the IP address the user logged
> in from that would be removed after the period specified.
> 
> I know ipfw doesn't have the ability to flush the static and dynamic
> rules seperately, but that ipf does.  Can I use both ipfw and ipf
> simutaneously, or is it an either/or deal?

I'm pretty sure it's either/or.

> Is there any functionality in ipf to remove a rule after a period of
> time, or would I need to add cron jobs to remove the rule?

You'd be better off using at rather than cron I think.

Ceri

-- 
you can't see when light's so strong
you can't see when light is gone

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message