On 6/19/10 3:16 PM, Cristian Rodríguez wrote:
> On 19/06/10 17:24, Tom Eastep wrote:
>
>> What you are trying to accomplish is not possible with Shorewall.
>>
>
> And I hope will never be ;-)

I don't see how any packet filter could do this. All SSH traffic is encrypted so an intermediate node (e.g., the Shorewall box) has no hope of understanding when a remote host has successfully authenticated on a local host. Then the intermediate node has to somehow remember that it opened another port as a result of this particular connection and must close that other port when this connection closes.

But what if the remote host opens 2 SSH connections? Or 432 connections? Then closes the original connection?

The whole thing is fantasy...

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
