On Tue, 2003-08-19 at 17:10, Oliver Graf wrote: > On Tue, Aug 19, 2003 at 05:04:54PM +0200, Eric Leblond wrote: > > On Tue, 2003-08-19 at 16:58, Oliver Graf wrote: > > > On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote: > > > > > > > > Can your firewall software speak to a radius server? > > > > I'm coding it ;-) (http://www.gnufw.org) > > I just wanna know it a test of the kind : > > IP in good range > > port in good range > > ... > > is admissible on a radius server like freeradius. > > I would try it the other way around... the radius returns some rules > in the attributes and your software does the matching. > > Other solution: just program a freeradius module which does the > address checking magic. This is not really hard.
good idea > On the other hand: should every ip packet result in a radius request= > than your server is dead meat. True, but not if you only test packet with state NEW (beginning of connection in netfilter) that's only a few number you have to test. > So the best solution is to just load the firewall config from the > server, but does this make sense? really no for me. -- Eric Leblond <[EMAIL PROTECTED]> Alphalink - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
