[Top] [All Lists]

Re: Dynamic access lists

To: pb@xxxxxxxxxxxx (Peter Bieringer)
Subject: Re: Dynamic access lists
From: anand@xxxxxxxxxxxxxxxxx (SVR Anand)
Date: Mon, 25 Feb 2002 22:01:45 +0530 (GMT+05:30)
Cc: netdev@xxxxxxxxxxx
In-reply-to: <41960000.1014456526@localhost> from "Peter Bieringer" at Feb 23, 2002 10:28:46 AM
Sender: owner-netdev@xxxxxxxxxxx

Thanks for your response. It is an interesting coincidence that Check Point
is coming up with QoS based on user authentication soon. Not sure if they have 
a notion of soft session though, which is important, and useful in my scenario. 

The approach I am suggesting is mainly inspired by RSVP, but without any 
explicit signaling, and state maintenance in the form of periodic updates. 
A simple authentication mechanism with a provision for dynamic updation of 
filters within Linux TC, hopefully, is all that is required to accomplish the 
intended task. Presently, I am looking at conventional internet access without 
any configured VPN. 


> --On Saturday, February 23, 2002 12:57:23 PM +0530 SVR Anand
> <anand@xxxxxxxxxxxxxxxxx> wrote:
> ...sure an very offtopic answer, but perhaps interesting.
> I've heard this week that commercial firewall Check Point FW-1 Next
> Generation Flood Gate will (already or soon) support QoS based on
> User Authentication combined with VPN.
> The only Linux related things:
> * you can install the firewall (even flood gate) on Linux systems
> using kernel 2.4.x
> * a commandline VPN client will be availabe Q2 or so (but don't if
> here the QoS is supported.
>         Peter

<Prev in Thread] Current Thread [Next in Thread>