Re: temporary IP addition to firewall rules

Nathaniel Hall wrote:
> Noah wrote:
>
>> Does anybody have a recommendation for a program out there that would
>> allow somebody to enter an account and password on my website, their
>> IP address is cached, and the cached IP address is added temporarily
>> to the firewall ruleset to be allowed.
>
> I have actually considered doing almost exactly the same thing.  What I
> was planning on doing was writing a php page that the user would log in
> with.  When they do, then php would run a system command using their IP
> to add a netfilter (iptables) firewall rule.  There would then be a cron
> job that runs daily to restart the firewall, thus the added rules would
> be removed.


Hi All,

This sounds like a perfect match for ipset.

A single iptables rule could refer to the set and the firewall wouldn't have to be restarted. Addresses could be added and removed from the set to provide dynamic access control. (I use this technique to block miscreants automatically; their own actions put them into the set without any manual intervention on my part.)

Note that it would require rolling your own kernel.

http://ipset.netfilter.org

:m)
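
The set-based approach suggested in this message, sketched as an added example that is not part of the original post: one iptables rule matches an ipset whose entries expire on their own, and the address coming from the web login is validated before it reaches any command. The set name `web_allowed`, the 3600-second timeout, port 22 and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All names and values are assumptions.
SET_NAME=web_allowed        # hypothetical set name
TTL=3600                    # seconds before an entry expires on its own
PORT=22                     # hypothetical protected service port
DRY_RUN=${DRY_RUN:-1}       # 1 = only print commands; 0 = execute (needs root)

# Accept only a strict dotted-quad IPv4 address: four octets, 0-255,
# no leading zeros, no characters other than digits and dots.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # safe to split: input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] || return 1
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Run once at boot: create the set and the single rule that refers to it.
setup_firewall() {
    run ipset -exist create "$SET_NAME" hash:ip timeout "$TTL"
    run iptables -A INPUT -p tcp --dport "$PORT" \
        -m set --match-set "$SET_NAME" src -j ACCEPT
}

# Called after a successful login; re-adding with -exist resets the timeout.
allow_ip() {
    valid_ipv4 "$1" || { echo "rejected address: $1" >&2; return 1; }
    run ipset -exist add "$SET_NAME" "$1" timeout "$TTL"
}

# Called on logout; -exist makes removal of an already-expired entry a no-op.
revoke_ip() {
    valid_ipv4 "$1" || return 1
    run ipset -exist del "$SET_NAME" "$1"
}
```

Because entries carry their own timeout, no cron job or firewall restart is needed to remove them, and the web application only needs permission to run the `allow_ip` and `revoke_ip` wrapper rather than arbitrary firewall commands.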
