On Fri, Mar 21, 2008 at 11:37 AM, George Patterson
<--Text snipped-->

>  >
>  Hi Anders and All,
>  Yes, that could be done very simply at the IP data level with iptables.
>  1. Log into the web server which would adjust the iptables rules to
>  allow the authenticated user to log in.
>      - This could be either direct or using XML-RPL or SOAP to ask a
>  remote server to do the work.
>  2. Server adds an iptable LOG rule to detect that the user is still
>  connected (I'll come back to this in a bit). An ALLOW rule will also
>  need to be added to actually allow the connections.
>  3. User connects to the RA server as per normally done today. Protocol
>  does not need to change.
>  4. If the player hasn't been seen for a period of time (5 minutes??),
>  then drop the LOG and ALLOW rule from iptables. Perhaps the web server
>  needs to be told that the user has logged out.
>  I think that would work. Unfortunately I don't have access to another
>  computer to develop this. But should be easy enough. Personally I'd
>  create a customer chain to put these rules in as it will allow easy
>  separation of your firewall rules (if required) from the temporary
>  rules created by this system.
>  Have fun for whoever does this.
>  George

I have written a quick framework which I believe should work with
minimal changes. One To Do that i can't (Lacking a machine to test

- Written in CGI Perl (criteria: Installed on my Asus eeePC). Modules
required are minimal if not part of the core.
- Mostly centres around one script which authenticates the user
setting a browser cookie when doing so.
- Web server: lightttpd 1.4.x as it is an easy install onto the eeePC
(default reporsitiory)

The authentication details for the "database" has been separated to
allow whatever you wish to be "dropped" into place.

- Write code for manipulating the iptableas rules
- Currently there is not tainted data checking as I'm still working
through that.

I'd like to tidy up the code somewhat before putting it out to the
public arena, under the GPL license.
However, if someone would like to see what has been done, please drop
me a private email.
Is there a Perl programmer in the audience?



This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
Flightgear-devel mailing list

Reply via email to