
Re: Dynamic access lists

To: Peter Bieringer <pb@xxxxxxxxxxxx>
Subject: Re: Dynamic access lists
From: Alberto Bertogli <albertogli@xxxxxxxxxxxxx>
Date: Sat, 23 Feb 2002 12:55:06 -0300
Cc: SVR Anand <anand@xxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <41960000.1014456526@localhost>; from pb@bieringer.de on Sat, Feb 23, 2002 at 10:28:46AM +0100
Mail-followup-to: Alberto Bertogli <albertogli@xxxxxxxxxxxxx>, Peter Bieringer <pb@xxxxxxxxxxxx>, SVR Anand <anand@xxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
References: <200202230727.MAA25607@eis.iisc.ernet.in> <41960000.1014456526@localhost>
Sender: owner-netdev@xxxxxxxxxxx
User-agent: Mutt/1.2.5i
On Sat, Feb 23, 2002 at 10:28:46AM +0100, Peter Bieringer wrote:
> --On Saturday, February 23, 2002 12:57:23 PM +0530 SVR Anand
> <anand@xxxxxxxxxxxxxxxxx> wrote:
> 
> ...sure a very offtopic answer, but perhaps interesting.
> 
> I've heard this week that commercial firewall Check Point FW-1 Next
> Generation Flood Gate will (already or soon) support QoS based on
> User Authentication combined with VPN.
> 
> The only Linux related things:
> 
> * you can install the firewall (even flood gate) on Linux systems
> using kernel 2.4.x
> * a commandline VPN client will be available Q2 or so (but don't know if
> here the QoS is supported).
> 
>         Peter

If you do your VPNs using PPTP (or PPP/anything) you can easily filter
over them using the network interface ppp?.

Remember you can combine netfilter's capability with TC filters by
MARKing the packets with NF and then using that mark with TC.

Also, if you use PPTP, you can in turn write a simple plugin for pppd
that would create a new rule (either via netfilter or tc) to match the
packets.

If you don't use VPN at all, but dhcp instead or any kind of
authentication scheme, you can script the creation of the rule on the
connection. Use the source =)

At the end, it's all just simple scripting if you have the code.
Obviously, if you are stuck with checkpoint, it won't be so nice =)

                Alberto
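
An added sketch of the MARK-then-tc approach described in the message above, written as a pppd hook; it is not part of the original post. The uplink `eth0`, the class `1:10` on an existing classful qdisc `1:`, the mark value 10, the `DRY_RUN` switch and choosing the action from the script name are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: per-session netfilter MARK rule driven by pppd's ip-up/ip-down.
# pppd calls these hooks with: $1=interface $2=tty $3=speed $4=local-ip $5=remote-ip
# Assumed setup (not from the post): uplink eth0 already has a classful qdisc
# with handle 1: and a class 1:10 reserved for VPN traffic.
UPLINK="${UPLINK:-eth0}"
FWMARK="${FWMARK:-10}"
CLASSID="${CLASSID:-1:10}"

# One-time setup: the tc "fw" classifier sends packets carrying FWMARK to CLASSID.
tc_filter_cmd() {
    echo "tc filter add dev $UPLINK parent 1: protocol ip prio 1 handle $FWMARK fw flowid $CLASSID"
}

# Per-session rule: MARK everything forwarded from one PPP interface.
# "up" appends the rule, "down" deletes it, so a stale rule never outlives
# the session and matches the next peer that is handed the same pppN.
# Returns 1 and prints nothing unless the interface is exactly ppp<N>.
ppp_mark_cmd() {
    action="$1"; iface="$2"
    case "$iface" in
        ppp[0-9]|ppp[1-9][0-9]|ppp[1-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    case "$action" in
        up)   op="-A" ;;
        down) op="-D" ;;
        *)    return 1 ;;
    esac
    echo "iptables -t mangle $op FORWARD -i $iface -j MARK --set-mark $FWMARK"
}

# Runs only when invoked with an interface argument, as pppd does.
# Install the same file as both the ip-up and the ip-down hook.
if [ -n "${1:-}" ]; then
    case "$(basename "$0")" in
        *down*) act=down ;;
        *)      act=up ;;
    esac
    cmd=$(ppp_mark_cmd "$act" "$1") || { echo "refusing interface: $1" >&2; exit 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else sh -c "$cmd"; fi
fi
```

Run `tc_filter_cmd` once when the qdisc is built; only the iptables rule changes per connection.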


