On 05/20/2011 12:33 PM, Tom Eastep wrote: > On 5/20/11 12:18 PM, Paulo Cunha wrote: >> Hi everybody, >> >> I've been using shorewall for 5 years now ( Thanks Tom again! ) and i've >> managed to get in a new challenge. >> >> I need to control guests internet access with a ID card based auth. >> >> The web gui/auth system is ready, and i've moved to the IPSET part. >> >> My idea is that when a client connects to the network a REDIRECT match >> will send the web (tcp 80) requests to the local machine. >> >> Then the software side will add it's IP and MAC to a IPSET macipmap list >> >> My idea is to add a preceding rule to the RDIRECT(above) using ACCEPT+ >> that allows traffic to net if it matches the IPSET list,, then it will >> not pass on the redirect rule, so enabling user access. >> >> The question is: >> >> Will the ACCEPT+ action match the ip and mac from ipset list? > > Yes.
Note that you will want loc:+setname[src,src] in the SOURCE column (assuming that your LAN zone is 'loc'). -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
