[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: temporary IP addition to firewall rules



Nathaniel Hall wrote:
Noah wrote:

Does anybody have a recommendation for a program out there that would
allow somebody to enter an account and password on my website, their
IP address is cached, and the cached IP address is added temporarily
to the firewall ruleset to be allowed.

I have actually considered doing almost exactly the same thing.  What I
was planning on doing was writing a php page that the user would log in
with.  When they do, then php would run a system command using their IP
to add a netfilter (iptables) firewall rule.  There would then be a cron
job that runs daily to restart the firewall, thus the added rules would
be removed.


Hi All,

This sounds like a perfect match for ipset.

A single iptables rule could refer to the set and the firewall wouldn't have to be restarted. Addresses could be added and removed from the set to provide dynamic access control. (I use this technique to block miscreants automatically; their own actions put them into the set without any manual intervention on my part.)

Note that it would require rolling your own kernel.

http://ipset.netfilter.org

:m)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]