Rules by username

  • I know in 2.0 it is possible to setup authentication via LDAP to AD, is it possible or is there a future plan to have it authenticate users and have firewall rules specific to users?

  • Rebel Alliance Developer Netgate

    It depends on what you're actually talking about there.

    The LDAP auth can be for the GUI, for OpenVPN, etc. Not for the "network" (so to speak).

    So you can have access controlled to the GUI by the user (specifying which pages they can see), for OpenVPN you can have CSC's assign a specific user a certain IP and filter on that if they're coming in over VPN, etc.

    There isn't a way to associate firewall rules on an interface with a user though, no matter what authentication method you're talking about. About the best you can do is static IP assignment to a PC and filter on that. Or perhaps force browser preferences to use squid and have squid do auth to lock down web access by username.

Log in to reply