Dynamic firewall rules according to the user
-
Hi everybody!
Of which nature is the base in pfsense? (text, SQL, etc.)
And is it possible to create dynamic Firewall rules according to the user? Not to authorize all for all users….
Thank you in advance!lyl
-
Not sure I get you right but all settings are stored in a single xml file (see diagnostics>backup/restore, download).
I also don't understand what you mean with "dynamic rules" so I'll take another guess here: you probably want something like the captive portal (let users authenticate before they can pass) or use static DCHP mappings with appropriate firewall rules based on the assigned client IP. Use static ARP to harden your rules and precent users from setting their IPs manually.
-
Perhaps he is meaning sth like authpf?
-
hi!
n fact my question is:
It is possible to filter (HTTP, ftp…) in function to the login used
For example I have a login "test", for this login I want only HTTP....
I have login "test2", for this login only FTP and http....
It is in connection with the captive gate, version PFsense beta 4thank you in advance..
lylian -
As I haven't seen authpf in pfsense until yet (a pity, but I don't know how hard it would be to implement, but it sure would be a nice addition to captive portal), I'd say you could do it, if you map your users to a definite IP each and configure rules for that IP. You could e.g. use DHCP with their MACs and so map User A to IP x.x.x.a and user B to IP x.x.x.b.
IP-based filtering is not that nice, I know, and far from being fool proof. But I am curious if there are other methods already in pfSense (perhaps HEAD)?! :) -
As I haven't seen authpf in pfsense until yet (a pity, but I don't know how hard it would be to implement, but it sure would be a nice addition to captive portal), I'd say you could do it, if you map your users to a definite IP each and configure rules for that IP. You could e.g. use DHCP with their MACs and so map User A to IP x.x.x.a and user B to IP x.x.x.b.
IP-based filtering is not that nice, I know, and far from being fool proof. But I am curious if there are other methods already in pfSense (perhaps HEAD)?! :)No. Patches accepted.
