----- Original Message -----
From: "Ronneil Camara" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 21, 2000 12:02 AM
Subject: RE: [plug]OT:killing non-active ip address


> If equal, the bash script doesn't send a reload to
> squid. But if it is not, then the bash script sends a reload to squid.

ok, here's just my two devaluated cents worth :->

    frequent reloading of any daemon is a bad practice and a very expensive
thing to do. regarding your problem, it is much better to do it in layer
3 filtering (for example: ipchains) than in the application layer (which causes
you to reload the running daemon). doing it on layer 3 is pretty much
flexible compared to the upper layer. you just simply add and remove the
rules without reloading any running daemon on it. you can deny ip packets
from any source to any destination as your firewall base rules for maximum
filtering and simply add some ip addresses that you want to pass thru. it's
up to you what kind of authentication method you want to implement as
long as you have a script to update your firewall rules. but of course, all of
your workstation packets must pass thru your firewall box as their
gateway to the internet.
     regarding your keep alive problem when a node doesn't log out
properly, you have to implement some watchdog mechanism. there are lots of
strategies to do that, for example, by pinging the host or by setting a
maximum idle state of a certain host.

fooler.



-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
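
The approach described in the reply above (default-deny forwarding, per-host ACCEPT rules added and removed by a script, and an idle-timeout watchdog), sketched as an added example that is not part of the original message. The session-table format, the `MAX_IDLE` value, the function names and the sample addresses are assumptions; the script only prints the `ipchains` commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the "forward" chain was
# set to default-deny once with: ipchains -P forward DENY
MAX_IDLE=${MAX_IDLE:-900}   # assumed idle limit in seconds

# Accept only dotted-quad IPv4, so session data cannot inject options.
valid_ip() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# plan_rules NOW SESSIONS ALLOWED
#   SESSIONS: lines of "ip last_seen_epoch"; ALLOWED: space-separated IPs
#   that currently have an ACCEPT rule. Prints the commands to run.
plan_rules() {
    now=$1; sessions=$2; allowed=$3; active=""
    while read -r ip seen; do
        valid_ip "$ip" || continue
        case "$seen" in ''|0*|*[!0-9]*) continue ;; esac
        [ $((now - seen)) -le "$MAX_IDLE" ] || continue   # watchdog: idle too long
        case " $active " in *" $ip "*) continue ;; esac    # duplicate session line
        active="$active $ip"
        case " $allowed " in
            *" $ip "*) ;;                                  # rule already present
            *) echo "ipchains -A forward -s $ip -j ACCEPT" ;;
        esac
    done <<EOF
$sessions
EOF
    for ip in $allowed; do
        valid_ip "$ip" || continue
        case " $active " in
            *" $ip "*) ;;
            *) echo "ipchains -D forward -s $ip -j ACCEPT" ;;  # logged out or idle
        esac
    done
}

# Constructed sample data (addresses and timestamps are made up).
SESSIONS="192.168.1.10 999900
192.168.1.11 998000
192.168.1.12 999990
-j 999990"
ALLOWED="192.168.1.10 192.168.1.11 192.168.1.13"
plan_rules 1000000 "$SESSIONS" "$ALLOWED"   # review, then pipe to sh as root
```

Only the difference between the session table and the existing rules is emitted, so hosts that are still active keep their rule untouched and no daemon is reloaded.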
