On 5/10/06, Vas Péter <[EMAIL PROTECTED]> wrote:
> Ooops. Well, it was quick and dirty. You'd have to figure out a way to kill
> logged in users too.

This seems simple.

pfctl -k a.b.c.d

Also, I have a tool that lets you create firewall rules which "time out" at a particular time. It's called dfd_keeper, and is available on my website (see my .sig). Unfortunately I have not fully exploited all of pf's features such as anchors, tables, overload, and authpf. You can still use these things with dfd_keeper, but it could probably make better use of them.

Using dfd_keeper, you don't really need to use authpf though. You can create a rule which allows access for a person, and creates it with a certain timeout, and you execute that command from a central accounting system. You may have to kill the state via another command, at least unless I implement something clever. But you can script all of this, and use "at" to schedule the state flush.

If you're interested, I can put you on a very low traffic mailing list about it.

--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
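
The sequence described in the message above (grant access, then use "at" to schedule the revocation and the state kill), as an added example that is not part of the original post and is not dfd_keeper. It assumes a pf table named timed_users that pf.conf references in a pass rule; the function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed pf.conf lines (not from the original post):
#   table <timed_users> persist
#   pass in from <timed_users> to any keep state
PF_TABLE="${PF_TABLE:-timed_users}"

# Accept only dotted-quad IPv4, so nothing else can reach the at(1) job text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Commands run at expiry. Removing the table entry only blocks new
# connections; existing states survive until pfctl -k kills them.
expiry_job() {
    printf 'pfctl -t %s -T delete %s\npfctl -k %s\n' "$PF_TABLE" "$1" "$1"
}

# grant_timed_access ADDRESS MINUTES
# With DRY_RUN set, print what would be run instead of running it.
grant_timed_access() {
    ip=$1
    minutes=$2
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 2; }
    case "$minutes" in
        ''|*[!0-9]*) echo "bad timeout: $minutes" >&2; return 2 ;;
    esac
    if [ -n "${DRY_RUN:-}" ]; then
        echo "pfctl -t $PF_TABLE -T add $ip"
        echo "at now + $minutes minutes <<JOB"
        expiry_job "$ip"
        echo "JOB"
        return 0
    fi
    pfctl -t "$PF_TABLE" -T add "$ip" || return 1
    expiry_job "$ip" | at now + "$minutes" minutes
}
```

Source the file as root on the firewall and call, for instance, `DRY_RUN=1 grant_timed_access 192.0.2.10 30` to review the commands before running them for real.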
