Hi, I'm using fwknop 1.9.11 and trying to configure multiple users, each having his own password and external command to run.
In fwknop.conf here are the relevant lines:

FIREWALL_TYPE external_cmd;
AUTH_MODE PCAP;
ENABLE_EXTERNAL_CMDS Y;
EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -j ACCEPT;
EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -j ACCEPT;
EXTERNAL_CMD_ALARM 30;

In access.conf:

SOURCE: ANY;
OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
REQUIRE_USERNAME: user1
KEY: pass1;
FW_ACCESS_TIMEOUT: 120;
EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -d server1.domain.com -j ACCEPT;
EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -d server1.domain.com -j ACCEPT;
EXTERNAL_CMD_ALARM 30;

SOURCE: ANY;
OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
REQUIRE_USERNAME: user2
KEY: pass2;
FW_ACCESS_TIMEOUT: 120;
EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -d server2.domain.com -j ACCEPT;
EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -d server2.domain.com -j ACCEPT;
EXTERNAL_CMD_ALARM 30;

You get the idea. But when using fwknop client 1.8.2 and sending only the password (no username), the external command is executed. Am I using the REQUIRE_USERNAME clause properly?

--
Marc Delisle
http://infomarc.info
