>>> "S Mohan" <[EMAIL PROTECTED]> 09/12/02 12:05AM >>> >>>>One way to this is to make a weblet page (can we authenticate in weblet?) >>>>and allow it to execute a script or a shorwall command to allow an IP and ports. >>>>The problem is the system cannot know the user is done with automatically. >>>>The user has to again come in thro' weblet and delete that specific rule in >>>>iptables - again script driven thro' weblet.
I have not worked with shorewall yet, but I have used NoCat, which is a portal manager, and I was thinking a technique used there might apply here. nocat bocks all MAC addresses except those that are Authenticated. You can set up a maximum idle time on the Authentication. After signon, Nocat opens a window that refreshes itself every 3 minutes, so as long as the user is holding onto the IP lease, he still has a Nocat session. What it would need in the shorewall case mentioned above is a script that looks for the timeout and closes up the firewall after expiration. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
