Johann Spies wrote:
At the moment they authenticate against a radius server and then the firewall will allow them to use a set of paid services. Our programmers are monitoring the stateful connections in real time and will stop the connection of a user when there is no more money available for pay-as-you-go-users and store the accounting information in an SQL-database (postgresql).
Hopefully, it is your 'programs' that do this monitoring rather than your 'programmers'.
Is there a way shorewall can be used in a similar way? From what I could see in the documentation about accounting is that it is possible to do accounting for users, but to me that looked like users registered on the system on which the firewall is running. Can this type of accounting be done while using a radius server to do authentication? I suppose the rules will have to be adjusted on the run as authentications and de-authentications take place and that, if we use two servers the iptables must be in sync.
I can't recommend Shorewall as a solution in your particular case. The authentication part could be made to work with an ipset (see http://www.shorewall.net/ipsets.html), but Shorewall's accounting feature isn't geared for such a large number of accounting 'buckets'.
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
