* Andreas Siegert wrote on Tue, Nov 21, 2000 at 10:56 +0100:
User Auth could be some Client on the WinXXX side that allows the user to enter user id / password or SecurID key that is checked by the Firewall before it allows routing of packets coming from 10.1.1.1
If there's nothing for Linux available, you could develop (or hack) something. You could use an auth connect allowing routing for some time. If that connect and auth succeeded, a rule is inserted or removed in an IP chain. Another program or daemon or similar has to check the age (or whatever your criteria are) and remove the rules under some conditions.

For auth connects you could use some CGI script, an SSH connect to a special "login/auth" shell (wouldn't be so difficult I think; password auth is done by SSH, the shell (the mini program) just needs to notify some daemon or similar to open the firewall). Same for telnet (since SSH tunneled in IPSec is not required I think :)). Or you run your own listener on some free port (maybe using tcpserver or inetd).

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.
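The scheme described in the reply above (open a rule after a successful auth connect, let a daemon remove it by age), sketched as an added example that is not part of the original message. It assumes `iptables` as the rule tool in place of the "IP chain" mentioned, a 600-second lease, and the hypothetical names `LeaseTable`, `grant` and `reap`; it only builds the commands, it does not run them.

```python
import ipaddress
import time

LEASE_SECONDS = 600  # assumed lease length; the post leaves the criteria open


class LeaseTable:
    """Tracks which source addresses currently hold an ACCEPT rule."""

    def __init__(self, lease_seconds=LEASE_SECONDS, chain="FORWARD"):
        self.lease_seconds = lease_seconds
        self.chain = chain
        self.expiry = {}  # source address (str) -> expiry timestamp

    def _rule(self, action, addr):
        # argv list (no shell), so the address is never parsed as a command
        return ["iptables", action, self.chain, "-s", addr, "-j", "ACCEPT"]

    def grant(self, source, now=None):
        """Call after a successful auth. Returns the commands to run."""
        now = time.time() if now is None else now
        # Accept a single IPv4 host only; anything else raises ValueError
        addr = str(ipaddress.IPv4Address(source))
        already_open = addr in self.expiry
        self.expiry[addr] = now + self.lease_seconds
        # Re-auth only refreshes the lease; inserting again would leave a
        # duplicate rule behind after the first delete.
        return [] if already_open else [self._rule("-I", addr)]

    def reap(self, now=None):
        """Call periodically from the daemon. Returns delete commands."""
        now = time.time() if now is None else now
        expired = sorted(a for a, t in self.expiry.items() if t <= now)
        for addr in expired:
            del self.expiry[addr]
        return [self._rule("-D", addr) for addr in expired]


if __name__ == "__main__":
    table = LeaseTable()
    for cmd in table.grant("10.1.1.1", now=0) + table.reap(now=LEASE_SECONDS):
        print(" ".join(cmd))  # a real daemon would pass cmd to subprocess.run
```

The auth front end (CGI script, login shell or listener) would call `grant` with the peer address it authenticated, and the daemon would call `reap` on a timer.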