[TriLUG] looking for linux solution similar to openbsd's authpf
Sean Alexandre
sean at alexan.org
Mon Sep 16 10:35:15 EDT 2013
On Sun, Sep 15, 2013 at 06:23:27PM -0400, Dewey Hylton wrote:
> > Subject: [TriLUG] looking for linux solution similar to openbsd's authpf
> >
> > my google-fu is lacking, though all my searches to date have included the
> > authpf keyword so i'm likely excluding all the right answers.
> > recommendations?
> >
> > pretty much all my firewall expertise from the past 8-10 years involves
> > openbsd's pf, so i assume there's a lot to catch up on in the iptables
> > world ...
>
> sorry - i hit 'send' too soon ...
>
> here's the desired outcome ... by default, iptables on server X blocks access
> to port Y. i successfully login to server X via ssh, and iptables gets
> updated to allow me (my ip) to pass through on port Y.
Shorewall might give you what you're looking for, with rules based on uid-owner.
I have a small Debian gateway/firewall and use shorewall to manage the firewall
(iptables) rules. It really simplifies things.
The man page for shorewall has a section on rules based on USER/GROUP:
http://www.shorewall.net/manpages/shorewall-rules.html
That said, I'm not too familiar with authpf, so I don't know how close this comes
to what you need.
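An authpf-style login shell for iptables, as an added example rather than code from the thread or from Shorewall: it assumes a dedicated `authpf` chain already referenced from INPUT, a sudoers entry permitting the login user to run /sbin/iptables, and uses TCP port 8080 as a stand-in for "port Y".

```shell
#!/bin/sh
# authpf-style login shell for iptables (added example; port/chain are assumed).
# Install it as the user's login shell. While the ssh session stays open the
# client's IP may reach TCP port $AUTHPF_PORT; the rule is removed on logout.
# Assumed prerequisites (done once, as root):
#   iptables -N authpf && iptables -I INPUT -p tcp --dport 8080 -j authpf
#   plus a sudoers entry letting these users run /sbin/iptables.
AUTHPF_PORT="${AUTHPF_PORT:-8080}"   # "port Y" from the thread (assumed value)
CHAIN="${AUTHPF_CHAIN:-authpf}"      # dedicated chain (assumed name)

# SSH_CONNECTION is "client_ip client_port server_ip server_port"; take field 1.
client_ip() {
    set -- $1
    printf '%s\n' "$1"
}

# Only a plain dotted quad may be spliced into an iptables rule.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Rule body shared by the add (-A) and delete (-D) operations.
rule_spec() {
    printf '%s\n' "$CHAIN -s $1 -p tcp --dport $AUTHPF_PORT -m conntrack --ctstate NEW -j ACCEPT"
}

main() {
    ip=$(client_ip "$SSH_CONNECTION")
    valid_ipv4 "$ip" || { echo "authpf: cannot determine client address" >&2; exit 1; }
    spec=$(rule_spec "$ip")
    # Revoke the rule however the session ends (logout, ^C, sshd HUP).
    trap 'sudo /sbin/iptables -D $spec' EXIT HUP INT TERM
    sudo /sbin/iptables -A $spec || exit 1
    echo "Hello $USER: $ip may now reach port $AUTHPF_PORT; close this session to revoke."
    while :; do sleep 60; done
}

# sshd starts a login shell with argv[0] prefixed by '-'; only then act.
# Sourcing or running the file directly just defines the functions.
case "$0" in -*) main ;; esac
```

Because the rule lives in its own chain, `iptables -L authpf -n` lists exactly which client addresses are currently authorised, which is the view you would otherwise get from `pfctl -a 'authpf/*' -sr`.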