[Shorewall-newbies] A few shorewall questions

David Shepherd sdave at ufl.edu
Sun Feb 22 01:23:53 PST 2004


I'm a student network administrator for the condo complex I live in.  I
have 2 main questions about shorewall:
 
1.)  Can the rules/policy config be updated without having to completely
restart shorewall?  How would I go about doing this?  Or is this just
something that I shouldn't worry about?  I just get easy complaints from
the students that live here (since the internet is used 24-7 in a
college complex) if the system goes down for even a minute.  I would
like to prevent this.
 
2.)  I want to set up an intranet web server on the linux box that
shorewall is running on so the residents can register themselves with
me.  I actually was hoping there was a way to have a web script to run
on this site that will automatically enter the mac address (that they
specify in one of the fields as their systems mac address on the
website) into the mac list so they can only access the internet after
they register with me.  This is a way that I can know who is who when
running the sniffer so if I need to knock them off for abuse, I know who
it is so I can notify them first.  I will have a third NIC card that is
connected to the internal network that will only allow connection to
this web server where they can register.  Then the other two NICs are
used for the internet access.  Is this even possible for a web script to
add their mac address to the mac list of shorewall?  And will shorewall
restrict the people that are not on this mac list from the internet?
Would doing a "shorewall refresh" update the mac list instead of having
to restart shorewall completely every time a user is added?  We only have
about 400 nodes but I don't want to have to reboot the system when we
get new macs added.  About half the condos are rented out and we have
turnovers every semester with about 100-200 new or different MAC
addresses.  I will manually remove the old macs, I just want to know if
it's possible to add macs to a mac list for an access control.  Only
macs on this list are let through, kind of an opposite of blacklist.
 
Thanks for any help on these subjects
 
Dave Shepherd
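As an added illustration of the registration step the second question asks about (this is example code, not part of the original post and not Shorewall's own tooling): the dangerous part of letting a web form feed a firewall config is that whatever the visitor types ends up in a file the firewall parses, so the script must accept only a strictly formatted MAC address and nothing else. The example below assumes the maclist file is `/etc/shorewall/maclist` with one `DISPOSITION INTERFACE MAC` entry per line (check the maclist documentation for your version), that the web CGI hands the submitted MAC and interface name to this script through a restricted privileged helper rather than running the web server as root, and that `shorewall restart` is used to apply the change, since whether `shorewall refresh` picks up maclist edits depends on the Shorewall version.

```python
import re
import subprocess
import sys

# Added example, not Shorewall's code. Assumptions: the maclist file lives at
# this path and uses one "DISPOSITION INTERFACE MAC" entry per line.
MACLIST_PATH = "/etc/shorewall/maclist"

# Strict MAC syntax: six hex pairs separated by ':' or '-'. Matched with
# fullmatch so that nothing else (newlines, shell metacharacters, extra
# columns) can reach the config file from a web form.
MAC_RE = re.compile(r"([0-9a-f]{2}[:-]){5}[0-9a-f]{2}", re.IGNORECASE)
# Interface names: letters, digits and a few safe punctuation characters.
IFACE_RE = re.compile(r"[A-Za-z0-9_.+-]{1,15}")


def normalize_mac(raw):
    """Return the MAC in canonical lowercase colon form, or None if invalid."""
    candidate = raw.strip()
    if not MAC_RE.fullmatch(candidate):
        return None
    return candidate.lower().replace("-", ":")


def maclist_entry(mac, interface, disposition="ACCEPT"):
    """Build one maclist line (assumed column order: disposition, interface, MAC)."""
    if disposition not in ("ACCEPT", "DROP", "REJECT"):
        raise ValueError("unexpected disposition: %r" % disposition)
    if not IFACE_RE.fullmatch(interface):
        raise ValueError("bad interface name: %r" % interface)
    return "%s\t%s\t%s" % (disposition, interface, mac)


def registered_macs(lines):
    """Collect MACs already present, ignoring comments and blank lines."""
    macs = set()
    for line in lines:
        stripped = line.split("#", 1)[0].strip()
        if not stripped:
            continue
        fields = stripped.split()
        if len(fields) >= 3:
            mac = normalize_mac(fields[2])
            if mac:
                macs.add(mac)
    return macs


def add_to_maclist(lines, raw_mac, interface):
    """Pure step: return (new_lines, added). Rejects bad input, skips duplicates."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        raise ValueError("invalid MAC address submitted: %r" % raw_mac)
    if mac in registered_macs(lines):
        return list(lines), False
    return list(lines) + [maclist_entry(mac, interface)], True


def add_mac_file(raw_mac, interface, path=MACLIST_PATH):
    """Read the maclist, add the entry if new, write it back. Returns True if added."""
    with open(path) as fh:
        lines = fh.read().splitlines()
    new_lines, added = add_to_maclist(lines, raw_mac, interface)
    if added:
        with open(path, "w") as fh:
            fh.write("\n".join(new_lines) + "\n")
    return added


def reload_firewall(command=("shorewall", "restart")):
    """Apply the change. Which subcommand picks up maclist edits depends on the
    Shorewall version; 'restart' is the conservative default assumed here."""
    subprocess.run(list(command), check=True)


if __name__ == "__main__":
    # Usage (assumed to be invoked by a privileged helper, not by the web server
    # directly): register_mac.py 00:1a:2b:3c:4d:5e eth1
    if len(sys.argv) != 3:
        sys.exit("usage: register_mac.py MAC INTERFACE")
    if add_mac_file(sys.argv[1], sys.argv[2]):
        reload_firewall()
```

The validation is deliberately an allow-list (exactly six hex pairs, a short interface name from a fixed character set) rather than an attempt to strip bad characters, and the file is only rewritten and the firewall only restarted when a genuinely new address was added, which keeps the number of restarts down to one per new registration.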
