I've been kicking around the notion of replicating the functionality that FireWall-1's "Client Authentication" mode offers for use with netfilter. That is, of course, if it hasn't already been written!

For those who don't know how it works, it's very simple. The default state for user traffic is closed. To "sign in", the user does either a telnet firewall 259, or does http://firewall:900/. The user logs on using whatever pre-determined auth scheme, such as a RADIUS server, LDAP directory, etc. Upon successful authentication, that user's traffic is permitted to pass cleanly.

Anyone know of a project of this type going on?

--j

--
Jason Costomiris <>< | Technologist, geek, human.
jcostom {at} jasons {dot} org | http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
My account, My opinions.
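The sign-in flow described in the post above, as an added sketch that is not part of the original message and not an existing project: forwarding is closed by default, and a successful login opens per-source-IP rules that are removed again when the session expires. The chain name CLIENT_AUTH, the 900-second lifetime and the verify callback (standing in for RADIUS or LDAP) are assumptions; the functions only return iptables argument lists, so nothing here touches a live ruleset.

```python
import ipaddress
import time

CHAIN = "CLIENT_AUTH"  # hypothetical chain name, not from the post

def setup_rules():
    """Default-closed baseline: forwarded traffic passes only if CLIENT_AUTH accepts it."""
    return [
        ["iptables", "-N", CHAIN],
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-A", "FORWARD", "-j", CHAIN],
    ]

class ClientAuthGate:
    def __init__(self, verify, ttl=900, clock=time.monotonic):
        self.verify = verify    # callable(user, secret) -> bool; RADIUS/LDAP stand-in
        self.ttl = ttl          # session lifetime in seconds (assumed value)
        self.clock = clock
        self.sessions = {}      # source IP -> expiry time

    def _rules(self, op, ip):
        # Outbound traffic from the client, plus replies to it. Tying the reply
        # rule to the client means revocation also cuts established flows.
        return [
            ["iptables", op, CHAIN, "-s", ip, "-j", "ACCEPT"],
            ["iptables", op, CHAIN, "-d", ip, "-m", "conntrack",
             "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        ]

    def sign_in(self, src_ip, user, secret):
        # Only a literal IPv4 address may reach the rule; anything else raises ValueError.
        ip = str(ipaddress.IPv4Address(src_ip))
        if not self.verify(user, secret):
            return []           # failed login: the default-closed state is unchanged
        renewing = ip in self.sessions
        self.sessions[ip] = self.clock() + self.ttl
        return [] if renewing else self._rules("-A", ip)

    def expire(self):
        """Return the delete commands for every session past its lifetime."""
        now = self.clock()
        cmds = []
        for ip in [ip for ip, exp in self.sessions.items() if exp <= now]:
            del self.sessions[ip]
            cmds += self._rules("-D", ip)
        return cmds
```

Each returned list is an argv suitable for subprocess.run without a shell. Rules are keyed on source IP, so clients sharing an address behind NAT are authorised together.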
