Date:      Tue, 21 May 2002 09:18:58 -0500
From:      "Mire, John" <jmire@lsuhsc.edu>
To:        'Scott Ullrich' <sullrich@CRE8.COM>, 'John Angelmo' <john@veidit.net>, net@freebsd.org
Subject:   RE: "dynamic" ipfw
Message-ID:  <DAC809EAC7E4594AA0696EF512F6ABF10AA73914@sh-exch>


Nice project page, does it do anything?

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw



Check out http://www.bsdshell.com's EtherFirewall project.  It will allow you
to maintain MAC addresses with your IPFW rules.

Now regarding the hostname to IP address conversion for firewall rules.  I
have a feeling it is translating the IP address at the time of entry, so this
is not really going to work for your round-robin situation.  EtherFirewall
is the clear choice for this.

Good luck! 

-Scott 


> -----Original Message----- 
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM 
> To: net@freebsd.org 
> Subject: "dynamic" ipfw 
> 
> 
> Hello 
> 
> I have a small problem with IPFW.
> 
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to flush, but can
> I remove it in the same way?
> 
> Now let's say I have a user that only needs access to its mailserver
> mail.user.com with pop3 and smtp;
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't
> work here, right?)
> 
> Now mail.user.com uses round-robin, so the IP changes from request to
> request, but doesn't the IPFW resolve the IP when it's added to
> the rules? How can this be solved for the user?
> 
> /John 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org 
> with "unsubscribe freebsd-net" in the body of the message 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
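As an added example, not part of this thread or of any project named in it, a POSIX sh wrapper addressing the two points John raises: each user gets a fixed rule-number block so the user's rules are removed with `ipfw delete` instead of a flush, and a round-robin hostname is expanded to all of its addresses before the rules are added, because ipfw resolves a name once at add time and keeps only that single address. The 10000-19999 rule range, the `host`-based resolver and the `RESOLVE_FIXTURE` dry-run hook are assumptions of this example.

```shell
#!/bin/sh
# Per-user ipfw rule management (added example): each user owns a fixed
# rule-number block, so a user's rules go away with "ipfw delete N"
# rather than a flush.  IPFW is the binary to call; IPFW=echo dry-runs.
IPFW=${IPFW:-ipfw}

# Assumption: rule numbers 10000-19999 are reserved for per-user rules.
USER_BASE=10000
RULES_PER_USER=10

rule_base() {  # $1 = numeric user slot (0..999)
    echo $(( USER_BASE + $1 * RULES_PER_USER ))
}

# resolve_all HOST prints every A record, one per line.  ipfw itself
# resolves a hostname once, when the rule is added, and stores only that
# single address, so a round-robin name has to be expanded here.
resolve_all() {
    if [ -n "$RESOLVE_FIXTURE" ]; then
        printf '%s\n' $RESOLVE_FIXTURE          # offline test hook (assumed)
    else
        host -t A "$1" | awk '/has address/ {print $NF}'
    fi
}

# add_user_mail_rules SLOT CLIENT_IP MAILHOST
# Allows pop3 (110) and smtp (25) traffic from every address of MAILHOST
# to the user's client address, one numbered rule per address/port pair.
add_user_mail_rules() {
    slot=$1; client=$2; mailhost=$3
    base=$(rule_base "$slot")
    n=0
    for addr in $(resolve_all "$mailhost"); do
        for port in 110 25; do
            [ "$n" -lt "$RULES_PER_USER" ] || { echo "slot $slot is full" >&2; return 1; }
            $IPFW add $(( base + n )) allow tcp from "$addr" "$port" to "$client"
            n=$(( n + 1 ))
        done
    done
}

# del_user_rules SLOT deletes only that user's block; other rules stay.
del_user_rules() {
    base=$(rule_base "$1")
    n=0
    while [ "$n" -lt "$RULES_PER_USER" ]; do
        $IPFW delete $(( base + n )) 2>/dev/null   # unused numbers fail quietly
        n=$(( n + 1 ))
    done
}
```

Re-running `add_user_mail_rules` on a schedule (after `del_user_rules`) keeps the block current when the mail host's address set changes; only that user's numbered rules are touched.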