User and Ports: For a firewall solution

Yusuf Motiwala (ymotiwala@hss.hns.com)
Mon, 20 Apr 1998 20:05:40 +0500 (IST)


Is there any existing solution to restrict users to some range of
(source) ports for outgoing connections? I do not want to re-compile any
applications to use a range of ports; the kernel should take care of this.
Let's go into more detail.

I am running a firewall. This firewall is administrated by a server
written by me and has many features which are not available in any of the
commercial firewalls. One of the features is to set policies based on
user rather than hosts. This is very useful in the mobile environment.
A user can be authenticated from any host and accordingly new firewall
policies for that host will be set up on a time-to-time basis. Since
the policies are based on the user, the server needs to know the originator
user for the packets to be filtered. One way is to query back & cache but
it is not an efficient solution. Another way is to restrict the user to
some range of source ports, and the firewall control server can be informed
of the ports at the time of authentication (this authentication information
exchange is done by a local application module), so that the firewall can map
host+port to the user and apply the appropriate policies.

I think the scenario should be very clear now. I will appreciate
any ideas/feedback on this.

Regards,
Yusuf

====
Hughes Software System, India Phone: 91-124-346 666 ext. 2374
WWW: http://ulf.wep.net Fax : 91-124-343 715
http://yusuf.home.ml.org
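
The host+port-to-user mapping described in the message above, as an added example that is not part of the original post or the author's server. The class and method names, the lease lifetime, and the sample address and port ranges are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    user: str
    host: ipaddress.IPv4Address
    lo: int          # first source port of the range (inclusive)
    hi: int          # last source port of the range (inclusive)
    expires: float   # time after which the firewall must forget the mapping


class PortUserMap:
    """Hypothetical table a firewall control server could keep:
    (host, source-port range) -> authenticated user."""

    def __init__(self):
        self._leases = {}  # host -> list of Lease

    def register(self, user, host, lo, hi, now, ttl):
        """Called when the local authentication module reports a user's range."""
        host = ipaddress.IPv4Address(host)
        if not 1024 <= lo <= hi <= 65535:
            raise ValueError("range must lie within the unprivileged ports")
        # Drop expired leases; a re-authenticating user replaces their old one.
        live = [l for l in self._leases.get(host, [])
                if l.expires > now and l.user != user]
        for l in live:
            # Overlapping ranges on one host would make attribution ambiguous.
            if lo <= l.hi and l.lo <= hi:
                raise ValueError(f"range overlaps the one held by {l.user}")
        lease = Lease(user, host, lo, hi, now + ttl)
        self._leases[host] = live + [lease]
        return lease

    def lookup(self, src_ip, src_port, now):
        """Return the user a packet's (source IP, source port) belongs to."""
        host = ipaddress.IPv4Address(src_ip)
        for l in self._leases.get(host, []):
            if l.expires > now and l.lo <= src_port <= l.hi:
                return l.user
        return None  # unknown originator: caller falls back to its default policy


if __name__ == "__main__":
    m = PortUserMap()  # constructed sample data below
    m.register("alice", "192.0.2.10", 20000, 20999, now=0, ttl=600)
    m.register("bob", "192.0.2.10", 21000, 21999, now=0, ttl=600)
    print(m.lookup("192.0.2.10", 20500, now=10))   # alice
    print(m.lookup("192.0.2.10", 30000, now=10))   # None
```

The lookup is only as trustworthy as the host-side enforcement the message asks for: it attributes a packet to a user on the assumption that the host's kernel keeps each user inside the reported range.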
