Hi,

I read about fwknop in the German IT magazine iX (03/2011). It seems like a perfect fit for my use case here, but I need something like multiple OTP lists, one per user. I know that allowing multiple users to manipulate the firewall is a bit strange, but it is the best solution I have come across so far. Currently I am using a website (PHP) written to accomplish that task, but port knocking would be much better and easier to maintain.

In a school environment I need to grant internet access (HTTP(S), FTP, POP, IMAP, SFTP) on demand to a group of computers. Currently the teacher opens the web page, logs in with his name and an OTP which is stored in a database, one table per user, and grants inet access to one room. In the background a PHP script calls a script which manipulates the firewall. The script is setuid-root, by the way (with a wrapper, of course). Technically this works like a charm, but I do not like having setuid-root shell scripts executed by PHP pages.

What I would need to do is to make fwknop look up the knock sequence, or a part of it, in a database, be it an internal one or an external one like MySQL. Let's say the user/teacher Joe has the number 0001 assigned; then the sequence 0001 7331 0001 1234 1234 would execute the start command if the number "7331" is the next unused number in the table "0001".

Another way would be to create one set of entries per user in the config file, where one set consists of two entries per group of computers. That would currently result in 80 * 2 * 8 entries.

Could anybody help me and tell me

a) if that is possible in a sense that it doesn't conflict with fwknop's design?
b) and where in the sources of the Perl version the changes would have to be made?
Thanks a lot

Malte Müller

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
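The per-user "next unused number" lookup described in the message above, as an added example in Python with SQLite; it is not part of the original post and is not fwknop code. Assumptions: the first field is the user number and the second the OTP, the remaining fields are left uninterpreted, and a single table keyed by user replaces one table per user so that the user number is only ever a bound parameter, never part of a table name. `make_db` and `check_knock` are hypothetical names.

```python
import hmac
import sqlite3

def make_db(otp_lists):
    """Build an in-memory store with one row per (user, position, code)."""
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE otp (user TEXT, pos INTEGER, code TEXT, "
               "used INTEGER DEFAULT 0, PRIMARY KEY (user, pos))")
    for user, codes in otp_lists.items():
        db.executemany("INSERT INTO otp (user, pos, code) VALUES (?, ?, ?)",
                       [(user, i, c) for i, c in enumerate(codes)])
    return db

def check_knock(db, sequence):
    """Return the user id if field 2 is that user's next unused OTP, else None.

    A matching code is marked used in the same transaction, so a replayed
    sequence is rejected.
    """
    fields = sequence.split()
    # Accept only 4-digit ASCII fields, as in the example sequence.
    if len(fields) < 2 or not all(
            f.isascii() and f.isdigit() and len(f) == 4 for f in fields):
        return None
    user, offered = fields[0], fields[1]
    db.execute("BEGIN IMMEDIATE")  # serialize concurrent knocks for one list
    try:
        row = db.execute(
            "SELECT pos, code FROM otp WHERE user = ? AND used = 0 "
            "ORDER BY pos LIMIT 1", (user,)).fetchone()
        # Constant-time comparison against the stored code.
        ok = row is not None and hmac.compare_digest(row[1], offered)
        if ok:
            db.execute("UPDATE otp SET used = 1 WHERE user = ? AND pos = ?",
                       (user, row[0]))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    return user if ok else None

if __name__ == "__main__":
    db = make_db({"0001": ["7331", "4242"]})  # constructed sample OTP list
    for seq in ("0001 7331 0001 1234 1234", "0001 7331 0001 1234 1234"):
        print(seq, "->", check_knock(db, seq))  # second attempt is a replay
```

A wrong guess does not consume a code here, so a deployment along these lines would also need to limit failed attempts per user.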
