RE: "dynamic" ipfw

Tue, 21 May 2002 07:25:38 -0700

Title: RE: "dynamic" ipfw
a search on google did not turn up anything for me and the webpage is just a page with seiki on it and no other links:
 
<html>
<head>
<title>seiki</title>
</head>

<body bgcolor="#FFFFFF" text="#000000">

<p align="center"></p>
<div align="center">
  <center>
  <table border="0" cellpadding="20" cellspacing="0" width="100%" height="100%">
    <tr>
      <td width="100%" height="100%">

        <p align="center"><img border="0" src="seiki.gif" align="center" width="413" height="173"></td>
    </tr>
  </table>
  </center>
</div>

</body>

</html>
-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 9:37 AM
To: 'Mire, John'; Scott Ullrich; 'John Angelmo'; [EMAIL PROTECTED]
Subject: RE: "dynamic" ipfw

John,
 
What do you mean by does it do anything?  Currently all three projects are working and we are in the process of finishing new verisons. ;)
 
-Scott
-----Original Message-----
From: Mire, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 10:19 AM
To: 'Scott Ullrich'; 'John Angelmo'; [EMAIL PROTECTED]
Subject: RE: "dynamic" ipfw

nice project page, does it do anything?
-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 20, 2002 5:23 PM
To: 'John Angelmo'; [EMAIL PROTECTED]
Subject: RE: "dynamic" ipfw

Check out http://www.bsdshell.com 's EtherFirewall project.   It will allow you to maintain Mac addresses with your IPFW rules. 

Now regarding the hostname to ip address conversion for firewall rules.  I have a feeling it is translating the IP address at the time of entry so this is not really going to work for your round-robin situation.  EtherFirewall is the clear choice for this.

Good luck!

-Scott


> -----Original Message-----
> From: John Angelmo [mailto:[EMAIL PROTECTED]]
> Sent: Monday, May 20, 2002 1:40 PM
> To: [EMAIL PROTECTED]
> Subject: "dynamic" ipfw
>
>
> Hello
>
> I have a small problem with IPFW
>
> How can I handle adding and removing rules based on IP/MAC per user?
> I can add a rule for a specific IP/MAC without the need to
> flush but can
> I remove it in the same way?
>
> now lets say I have a user that only needs access to it's mailserver
> mail.user.com with pop3 and smtp
> then the rule for pop3 would be something like
> add allow ip from mail.user.com 110 to IP/HOST (MAC dosn't
> work here right?)
>
> Now mail.user.com uses runrobin so the IP changes from request to
> request but dosn't the IPFW resolve the IP when its added to
> the rules,
> how can this be solved for the user?
>
> /John
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
>

Reply via email to