One method that I've seen used is to by default allow no forwarding. On initial box login, have a login script that records the username in a file named with the IP of the box to an SMB share. Poll those entries via a script every minute, and have the script compare the username to what was previously recorded. If changed, clear the old rules for that IP and apply the new rules via a user definition file. A constantly looping Perl script in the background works nicely.
You can of course adjust the loop speed depending on how necessary it is to have the correct credentials, other duties of your forwarding box, and whatever other factors you want. You'll also want to compare the username logged in the file against the username who owns the file (the creator); if the names differ, clear all allow rules for that IP and send a little warning to you that the specific user is trying to "hack" your firewall.

D-

<Is there a way that I can exercise internet access control?? Currently I'm running
<RH7.1 using iptable.
<
<I do understand that I can do some control using iptable or ipchain to filter using IP
<Address. But using user name would be a better choice as my local users are sharing
<PCs.

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
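
One polling pass of the scheme described in the reply above, as an added example that is not part of the original message. Assumed here: record files on the share are named by IPv4 address and hold one username, each IP has a pre-created chain named fwd-<ip> reached from a default-deny FORWARD chain, and user_rules (username to allowed TCP ports) stands in for the user definition file; the iptables commands are returned rather than executed.

```python
import ipaddress, os, pwd, re

USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed username policy

def file_owner(path):
    """Account that created the record, as reported by the share's filesystem."""
    return pwd.getpwuid(os.stat(path).st_uid).pw_name

def clear_cmds(ip):
    # Flushing the per-IP chain puts the box back at the default: no forwarding.
    return [["iptables", "-F", f"fwd-{ip}"]]

def allow_cmds(ip, ports):
    # One ACCEPT per TCP port listed for the user (hypothetical rule format).
    return [["iptables", "-A", f"fwd-{ip}", "-s", ip, "-p", "tcp",
             "--dport", str(p), "-j", "ACCEPT"] for p in ports]

def poll_once(share_dir, state, user_rules, owner_of=file_owner):
    """Return (commands, warnings) for one pass; state maps ip -> (claimed, owner)."""
    cmds, warnings = [], []
    for name in sorted(os.listdir(share_dir)):
        try:
            ip = str(ipaddress.IPv4Address(name))  # only well-formed IPs reach a command
        except ValueError:
            continue                               # not a record file
        path = os.path.join(share_dir, name)
        with open(path) as fh:
            claimed = fh.read(64).strip()
        key = (claimed, owner_of(path))
        if state.get(ip) == key:
            continue                               # unchanged since the last poll
        state[ip] = key
        cmds += clear_cmds(ip)                     # old rules go first, in every case
        if claimed != key[1] or not USER_RE.fullmatch(claimed):
            warnings.append(f"{ip}: file owned by {key[1]!r} claims user {claimed!r}")
        else:
            cmds += allow_cmds(ip, user_rules.get(claimed, []))
    return cmds, warnings
```

Because the state key includes the file owner, a mismatched record is cleared and reported once and then stays blocked until the file changes, instead of warning on every pass.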