On Thursday 24 January 2002 20:07, Matt Schalit wrote:
> Jon Clausen wrote:
>
> > I put the draft at: http://bund.dk/~jon/weblethowto-pub.html
> >

O.k. done.
Yet again. This time, take a look at the bottom left corner ;)

> N1 Jon, Thanks
> The answer to the remote thing would be to have a script
> loaded on your remote laptop that, when run, determines the
> laptop ip and writes a one line file containing:
>
> sh-httpd: ip.add.re.ss/255.255.255.255
>
> to the laptop temp directory, and then uses scp or ssh or rsync
> to append that one line temp file to the LEAF box /etc/host.allow.

Hmm. Yeah I guess this would work. I have two objections to this kind of scheme, though:

1. A laptop is inherently in danger of getting 'lost'. If that should happen, having the laptop (and the firewall) being configured so the laptop has a (semi) automatic capability to write to hosts.allow would maybe make it a little too easy for anyone who happens to 'find' it to gain access to the firewall...

2. Said laptop might very well be some sort of windows-entity. And although one *might* be able to create such a script for that platform, I would *not* like the idea of letting windows have root-access to my firewall... If you know what I mean.

Maybe I'm just too paranoid, or maybe it's just that I'm a newbie in this field, but writing to hosts.allow like that, on a routine basis... it just seems... well... insecure?

I must say that I like the idea better, of having a script on the firewall listen on a predetermined port, for some kind of identifier, and then open up for traffic from the laptop IP. And having this happen dynamically, so you get one session at a time...

> If the laptop is on a private network, then the script uses
> the NAT gateway ip. Determining the NAT ip could get tricky,
> but can be done easily enough with a script that when called
> makes traffic to somewhere that responds with the NAT ip.

Sounds reasonable. Something like calling whatismyip.com or somesuch perhaps?
This is getting very interesting :)

Jon
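
One way to implement the firewall-side listener idea from the message above, as an added example that is not code from this thread or from LEAF. The HMAC knock format, the function names, the shared secret and the 60-second window are all assumptions; the listener uses the source address it observes, which behind NAT is already the gateway address, and the laptop never gets write access to hosts.allow.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

WINDOW = 60  # assumed: seconds during which a knock is accepted


def _mac(secret, ts, nonce):
    return hmac.new(secret, f"{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()


def make_knock(secret, now=None):
    """Laptop side: build 'timestamp:nonce:hmac' (hypothetical format)."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}:{nonce}:{_mac(secret, ts, nonce)}"


def verify_knock(secret, knock, src_ip, seen, now=None):
    """Firewall side: return the hosts.allow line for src_ip, or None.

    src_ip is the peer address the listener saw, not a value sent by
    the client. seen maps nonce -> timestamp and blocks replays.
    """
    now = time.time() if now is None else now
    try:
        ts, nonce, mac = knock.split(":")
        sent = int(ts)
        ip = ipaddress.IPv4Address(src_ip)
    except ValueError:
        return None  # malformed knock or address
    # Constant-time comparison of the authenticator.
    if not hmac.compare_digest(mac.encode(), _mac(secret, ts, nonce).encode()):
        return None
    # Forget nonces that have aged out of the window, then check freshness.
    for old in [n for n, t in seen.items() if now - t > WINDOW]:
        del seen[old]
    if abs(now - sent) > WINDOW or nonce in seen:
        return None  # stale or replayed
    seen[nonce] = sent
    return f"sh-httpd: {ip}/255.255.255.255"
```

The caller adds the returned line for the session and removes it again when the session ends, so only one address is admitted at a time.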
