Dynamically deleting a rule upon end of session


 



Hi list.
I am running iptables v1.2.7a on my Debian box that acts as a firewall and a
port-forwarder to my WebMail on my LAN.
For this scenario, a remote user connected to the Internet connects from his
laptop using a web interface on port 8080; after the user authenticates, a
Perl script will grab the user's IP address.
The idea is to create a secure webmail.
If a hacker tries to scan my Linux box, he only gets port
8080 (authentication web) open, and if a rule is created for a specific IP
address, only this IP address is open to port 80 to my LAN and port 8080 for
the authentication web.
My questions are:
1. Is there a way to capture his current IP address and dynamically add a
rule that will forward any requests to the firewall on port 80 to my Web-Mail
on my LAN?
2. Is there a way, after the user closes his HTTP connection, to dynamically
delete this specific rule to prevent packet impersonating/hijacking?
3. Is there a built-in module in iptables that adds a rule when a new session
is established and deletes it upon end of session?
4. Is there an example of a Perl script that grabs the current authenticated
user's IP address?


*********************
Yaniv Fine
*********************
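
Added example, not part of the original post: a sketch of the per-client rule lifecycle the message describes, with matching add and delete rules for one validated source address. The WEBMAIL_IP address, the DRY_RUN switch and the function names are assumptions, and the caller (login handler, logout or idle-timeout job) is assumed to supply the client address.

```sh
#!/bin/sh
# Added example, not from the original post.
# WEBMAIL_IP is a placeholder for the LAN webmail host (assumption).
# DRY_RUN=1 (default) prints the iptables commands instead of running them.
WEBMAIL_IP=${WEBMAIL_IP:-192.0.2.10}
DRY_RUN=${DRY_RUN:-1}

# Accept only a strict dotted-quad IPv4 address. The value originates from a
# web request, so it must be checked before it reaches a command line.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        # Reject empty octets, leading zeros and more than three digits.
        case $octet in ''|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# $1 = -A (add) or -D (delete), $2 = client address.
# Both operations use the same rule specification, so -D removes exactly
# what -A inserted.
session_rules() {
    case $1 in -A|-D) ;; *) return 2 ;; esac
    valid_ipv4 "$2" || { echo "rejected address: $2" >&2; return 1; }
    run iptables -t nat "$1" PREROUTING -s "$2" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEBMAIL_IP:80"
    run iptables "$1" FORWARD -s "$2" -d "$WEBMAIL_IP" -p tcp --dport 80 \
        -j ACCEPT
}

open_session()  { session_rules -A "$1"; }   # call after successful login
close_session() { session_rules -D "$1"; }   # call at logout or idle timeout
```

Deleting the rules stops new connections from that address; a connection already in the connection-tracking table keeps its NAT mapping until it ends or times out.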



