On Tue, Aug 19, 2003 at 05:04:54PM +0200, Eric Leblond wrote: > On Tue, 2003-08-19 at 16:58, Oliver Graf wrote: > > On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote: > > > > > Can your firewall software speak to a radius server? > > I'm coding it ;-) (http://www.gnufw.org) > I just wanna know it a test of the kind : > IP in good range > port in good range > ... > is admissible on a radius server like freeradius.
I would try it the other way around... the radius returns some rules in the attributes and your software does the matching. Other solution: just program a freeradius module which does the address checking magic. This is not really hard. FreeRadius can do regular expression matching on attributes. but I don't think this would be good. On the other hand: should every ip packet result in a radius request= than your server is dead meat. So the best solution is to just load the firewall config from the server, but does this make sense? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
