[H-GEN] Firewall Authentication

Robert Stanford rob at rotapile.com
Sun Oct 13 12:26:08 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Sort of related to my previous post, I have a box running iptables,
security is rather important, however those who need to access it are on
dynamic ip. I was considering authenticating http connections via apache
which then runs a cgi script to add a temporary rule allowing access
from the connecting IP ($REMOTE_HOST).

I'd realy appreciate some opinions on this topic. If someone has a
better method, please speak up. This is the only way I could think of
doing it. And yes, it _has_ to be done with iptables, the service they
are connecting to has no authentication of its own. Well possibly not if
theres something better around.

BTW its not an option to have them ssh in and add the rules themselves,
the people connecting are barely capable of typing a URL into a web
browser.

-- 
¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤
   Robert Stanford 
º¤º°`°º¤ø,¸¸,ø¤º°`°º¤º


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list