Hi, I have a weird Ubuntu-based project involving mini-ITX computer systems in the role of LAN gateways. Each one has multiple bridged network adapters on the LAN side plus wireless. One of the requirements is for connection security; client systems on the LAN-side connecting to these gateways have to be "authorized" before being able to pass traffic.
On the wireless side, I have hostapd running with 802.1X/EAP-TLS, so that locks down the WLAN pretty well. However, I have no such functionality available for the internal NICs. Even bridged, they are still only basic network adapters and can't provide EAPOL messages to hostapd. I can do basic MAC filtering in iptables, but this is not scalable to any extent, and I don't really want to delve into a virtual switch/flow controller at this point.

I am wondering if it would be possible to use fwknop on the LAN side of these gateways for dynamic iptables rules. Clients not properly configured with the correct config, cert, etc. would be blocked from passing traffic. Since I pre-provision the clients that would operate behind these systems, I'd configure fwknop to run during startup (or as a service, etc.). Is this realistic, and if so, do you have any thoughts, examples, etc. on how this might work? Thanks....

The boxes are designed to be "standalone" in that there won't be any switches involved.

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
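Added example, not part of the original post and not fwknop's own code: a simplified Python model of what an SPA gate in front of the gateway's FORWARD chain has to do for the pre-provisioned-client setup described above. Each client holds a per-client HMAC key (standing in for the cert/key the poster already installs); one authorization packet carries the client identity, the LAN IP to admit, a timestamp and a nonce; the gateway verifies the HMAC, enforces a time window and a replay cache, and only then emits the iptables rule that lets that source IP through FORWARD for a limited time. Everything here (the `Gateway` class, `build_spa`, the JSON layout, the client IDs, the `br0` interface name, the constructed packets in the test) is an assumption for illustration; fwknop's real packet is additionally encrypted (Rijndael or GnuPG), and its `fwknopd.conf`/`access.conf` syntax is not reproduced here.

```python
"""Simplified SPA-gated forwarding for a bridged LAN gateway.

Constructed illustration (not fwknop's wire format or code): a pre-provisioned
client sends one HMAC-authenticated packet; the gateway checks it and opens a
time-limited FORWARD rule for the client's IP. Real fwknop also encrypts the
payload and keeps its own chains; the logic below models only the gate.
"""
from __future__ import annotations

import hashlib
import hmac
import ipaddress
import json
import os
import time

SPA_WINDOW = 120        # seconds of clock skew tolerated (fwknop has a similar window)
ACCESS_TIMEOUT = 30     # seconds the FORWARD rule stays open after authorization
BRIDGE_IF = "br0"       # assumed name of the bridged LAN interface on the gateway


def build_spa(client_id: str, key: bytes, allow_ip: str, now: float | None = None) -> bytes:
    """Client side: canonical JSON body plus an HMAC-SHA256 tag over that body."""
    body = json.dumps({
        "client": client_id,
        "allow_ip": allow_ip,
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(16).hex(),   # makes every packet unique for replay detection
    }, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Gateway:
    """Server side. Keys are pre-provisioned per client, so an unprovisioned
    host on the wire has nothing it can present."""

    def __init__(self, client_keys: dict[str, bytes]):
        self.client_keys = client_keys
        self.seen_tags: set[bytes] = set()      # replay cache (prune by age in production)
        self.open_rules: dict[str, float] = {}  # allow_ip -> expiry time

    def handle_spa(self, packet: bytes, now: float | None = None) -> str | None:
        """Return the iptables command to run for a valid packet, else None."""
        now = time.time() if now is None else now
        body, sep, tag = packet.rpartition(b"|")
        if not sep:
            return None
        try:
            fields = json.loads(body)
            client_id = fields["client"]
            allow_ip = str(ipaddress.IPv4Address(fields["allow_ip"]))
            ts = int(fields["ts"])
        except (ValueError, KeyError, TypeError):
            return None                         # malformed packet
        key = self.client_keys.get(client_id)
        if key is None:
            return None                         # unknown (unprovisioned) client
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return None                         # forged or corrupted packet
        if abs(now - ts) > SPA_WINDOW:
            return None                         # stale: outside the time window
        if tag in self.seen_tags:
            return None                         # replayed packet
        self.seen_tags.add(tag)
        self.open_rules[allow_ip] = now + ACCESS_TIMEOUT
        return (f"iptables -I FORWARD -i {BRIDGE_IF} -s {allow_ip} "
                f"-m conntrack --ctstate NEW -j ACCEPT")

    def expire(self, now: float | None = None) -> list[str]:
        """Return delete commands for rules whose timeout has passed. Flows
        already established survive via the ESTABLISHED,RELATED baseline rule."""
        now = time.time() if now is None else now
        expired = [ip for ip, t in self.open_rules.items() if t <= now]
        for ip in expired:
            del self.open_rules[ip]
        return [f"iptables -D FORWARD -i {BRIDGE_IF} -s {ip} "
                f"-m conntrack --ctstate NEW -j ACCEPT" for ip in expired]

    def authorized(self) -> set[str]:
        return set(self.open_rules)


def baseline_policy() -> list[str]:
    """Boot-time ruleset: nothing new crosses the gateway until authorized."""
    return [
        "iptables -P FORWARD DROP",
        f"iptables -A FORWARD -i {BRIDGE_IF} -m conntrack "
        f"--ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
```

Two things worth checking before relying on this pattern on the described hardware: the rule is keyed on the client's source IP, so it is only as strong as that client's hold on its IP (with one host per bridged port and no switches that is a physical-access question, not a remote one); and traffic between two clients on different ports of the same bridge is switched at layer 2 and only reaches the iptables FORWARD chain when `br_netfilter` is loaded and `net.bridge.bridge-nf-call-iptables=1`, otherwise that path needs ebtables.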
