Date: Tue, 21 May 2002 09:36:56 -0500
From: "Mire, John" <jmire@lsuhsc.edu>
To: 'Scott Ullrich' <sullrich@CRE8.COM>, "Mire, John" <jmire@lsuhsc.edu>, 'John Angelmo' <john@veidit.net>, net@freebsd.org
Subject: RE: "dynamic" ipfw
Message-ID: <DAC809EAC7E4594AA0696EF512F6ABF10AA73915@sh-exch>

A search on Google did not turn up anything for me and the webpage is just a page with seiki on it and no other links:

<html>
<head>
<title>seiki</title>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p align="center"></p>
<div align="center">
<center>
<table border="0" cellpadding="20" cellspacing="0" width="100%" height="100%">
<tr>
<td width="100%" height="100%">
<p align="center"><img border="0" src="seiki.gif" align="center" width="413" height="173"></td>
</tr>
</table>
</center>
</div>
</body>
</html>

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Tuesday, May 21, 2002 9:37 AM
To: 'Mire, John'; Scott Ullrich; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

John,

What do you mean by does it do anything? Currently all three projects are working and we are in the process of finishing new versions. ;)

-Scott

-----Original Message-----
From: Mire, John [mailto:jmire@lsuhsc.edu]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

Nice project page, does it do anything?

-----Original Message-----
From: Scott Ullrich [mailto:sullrich@CRE8.COM]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; net@freebsd.org
Subject: RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall project. It will allow you to maintain MAC addresses with your IPFW rules.

Now regarding the hostname to IP address conversion for firewall rules. I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation. EtherFirewall is the clear choice for this.

Good luck!

-Scott

> -----Original Message-----
> From: John Angelmo [mailto:john@veidit.net]
> Sent: Monday, May 20, 2002 1:40 PM
> To: net@freebsd.org
> Subject: "dynamic" ipfw
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to flush but can
> I remove it in the same way?
>
> Now let's say I have a user that only needs access to its mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC doesn't work here right?)
>
> Now mail.user.com uses round-robin so the IP changes from request to
> request but doesn't the IPFW resolve the IP when it's added to the rules,
> how can this be solved for the user?
>
> /John
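
Added example, not part of the original thread or of any project it mentions: because ipfw stores the address a hostname resolved to when the rule was entered, one way to follow a round-robin name is to re-resolve it periodically and replace the rules kept under a single per-user rule number. The rule number, client address and sample addresses below are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): refresh ipfw rules for a hostname
# whose A records rotate. All values below are assumptions for illustration.
RULE=2000              # rule number reserved for this one user (assumed free)
USER_IP=192.0.2.10     # constructed client address
MAIL_HOST=mail.user.com
PORT=110               # pop3

# Print the current A records for $1, one per line (needs host(1) and DNS).
resolve() {
    host -t A "$1" | awk '/has address/ { print $4 }' | sort -u
}

# Accept only dotted-quad shaped strings, so DNS output never reaches a
# root shell unchecked.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# plan_rules "addr addr ...": print the ipfw commands that replace the
# rules stored under $RULE. Returns 1 and prints nothing if the list is
# empty or holds anything that is not IPv4 shaped, so a failed lookup
# leaves the installed rules alone.
plan_rules() {
    [ -n "$1" ] || return 1
    for a in $1; do
        is_ipv4 "$a" || return 1
    done
    echo "ipfw delete $RULE"
    for a in $1; do
        echo "ipfw add $RULE allow tcp from $a $PORT to $USER_IP"
    done
}

# Dry run with constructed addresses. To apply, pipe the output to sh as
# root; from cron, call: plan_rules "$(resolve "$MAIL_HOST")"
plan_rules "203.0.113.5 203.0.113.6"
```

`ipfw delete` with a rule number removes every rule stored under that number, which is what lets one user's rules be replaced without a flush. There is a short window between the delete and the adds in which the user's traffic falls through to later rules.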