Le jeu 02/10/2003 Ã 21:51, Harald Welte a Ãcrit : > On Tue, Sep 23, 2003 at 09:13:21AM -0700, Daniel Chemko wrote: > > I have seen some of this functionality in Checkpoint, and I think that > > it would be immensely useful in the iptables community if it is adopted. > > Just because a particular proprietary vendor offers a 'feature', it > doesn't necessarrily mean that we need to do a blind copy of that > feature. I agree with you in the sense that we can do a better work. As I said earlier in this thread and in this mailling list, the current tools provided by Netfilter are great enough to build a good user authentication system. The NuFW project (http://www.nufw.org) has managed to build a user authentication of packet, by (only) using libipq. We (the NuFW team) think that in the current state of the project, we have managed to prove the viability of the concept. But, it's just the beginning ! With a slight modification of libipq and of the corresponding module conbined with the use of CONNMARK, we should be able to provide a user based marking of the connection. If we're able to do so, the path to a user based ,QOS, bandwith sharing, or even routing will be wide open. We think that it's not a 'feature' but that it could really bring something to the iptables community. BR, -- Eric Leblond Nufw, Now User Filtering Works (http://www.nufw.org)
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
