I think that making changes to ipfw is not a good idea.
I have the following idea:
1. Set up a WWW server on the firewall.
2. Program a Java applet as a client in the authentication web pages.
3. Program an authentication server on the firewall to communicate
   with the Java applet. The server will generate rules for the
   firewall (using ipfwadm).
After this environment is set up, we can see how a user goes through the firewall:
1. The user uses a browser to access the authentication web page on the
   firewall WWW server, which contains the Java applet. In the Java
   applet, the user types the username and the password, and the IP he
   is using now. Then this information will be transferred to the
   authentication server on the firewall.
2. After authentication, the authentication server will search the
   user database file to generate the rules for the user, which are
   based on the IP, and set up the IP ACCOUNT for that user.
3. After this has been done, the user can now access the outside.
4. During his access, the Java applet will communicate with the
   authentication server every few minutes (or seconds). This way is
   used to detect that the Java applet is alive, which indicates that
   the user is online. After the defined times that the server cannot
   communicate with the Java applet, the server will delete the rules
   for that user.
---
Any ideas will be greatly appreciated.
--
Name    : Xie Hua Gang
Email   : [EMAIL PROTECTED]
Address : Nation Research Center for Intelligent Computer
          PO.Box 2704,Beijing,China
Phone   : (010)62534642,62587952
Homepage: http://frost.ncic.ac.cn/~xhg
          http://www.geocities.com/collegepark/4886
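
Added example, not part of the original message: a sketch of the lease logic the post describes (authenticate, add a per-IP ipfwadm rule, delete it when heartbeats stop). It makes two assumed choices beyond the post: the IP is taken from the connection's peer address rather than typed by the user, and each heartbeat must carry a random session token. LeaseTable, MAX_MISSED and INTERVAL are hypothetical names, and the ipfwadm command is only built as an argument list, not executed.

```python
import ipaddress
import secrets
import time

MAX_MISSED = 3   # assumed: heartbeats that may be missed before cleanup
INTERVAL = 30    # assumed: seconds between applet heartbeats

def rule(op, ip):
    # ipfwadm forwarding rule as an argv list (no shell); -a appends, -d deletes
    return ["ipfwadm", "-F", op, "accept", "-S", f"{ip}/32", "-D", "0.0.0.0/0"]

class LeaseTable:
    def __init__(self, run=print, clock=time.monotonic):
        self.run, self.clock = run, clock   # run receives each rule command
        self.leases = {}                    # token -> (ip, last_seen)

    def login(self, peer_ip, authenticated):
        """Open the firewall for peer_ip once the password check has passed."""
        if not authenticated:
            return None
        # Raises ValueError for anything that is not a plain IPv4 address,
        # so masks like /0 or stray text never reach the rule.
        ip = str(ipaddress.IPv4Address(peer_ip))
        token = secrets.token_hex(16)
        self.leases[token] = (ip, self.clock())
        self.run(rule("-a", ip))
        return token

    def heartbeat(self, token, peer_ip):
        """Refresh a lease only for the right token from the right address."""
        lease = self.leases.get(token)
        if lease is None or lease[0] != peer_ip:
            return False
        self.leases[token] = (peer_ip, self.clock())
        return True

    def expire(self):
        """Delete rules for leases whose heartbeats stopped; call periodically."""
        deadline = self.clock() - MAX_MISSED * INTERVAL
        dead = [t for t, (_, seen) in self.leases.items() if seen < deadline]
        for t in dead:
            ip, _ = self.leases.pop(t)
            self.run(rule("-d", ip))
        return len(dead)
```
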
