[Nufw-devel] Re: A humble proposal

[Eric Leblond]

Le jeu 02/10/2003 à 21:51, Harald Welte a écrit :
> On Tue, Sep 23, 2003 at 09:13:21AM -0700, Daniel Chemko wrote:
> > I have seen some of this functionality in Checkpoint, and I think that
> > it would be immensely useful in the iptables community if it is adopted.
> 
> Just because a particular proprietary vendor offers a 'feature', it
> doesn't necessarrily mean that we need to do a blind copy of that
> feature.

I agree with you in the sense that we can do a better work. As I said
earlier in this thread and in this mailling list, the current tools
provided by Netfilter are great enough to build a good user
authentication system.

The NuFW project (http://www.nufw.org) has managed to build a user
authentication of packet, by (only) using libipq. We (the NuFW team)
think that in the current state of the project, we have managed to prove
the viability of the concept.

But, it's just the beginning ! With a slight modification of libipq and
of the corresponding module conbined with the use of CONNMARK, we should
be able to provide a user based marking of the connection.
If we're able to do so, the path to a user based ,QOS, bandwith sharing,
or even routing will be wide open.

We think that it's not a 'feature' but that it could really bring
something to the iptables community.

BR,
-- 
Eric Leblond
Nufw, Now User Filtering Works (http://www.nufw.org)

signature.asc
Description: Ceci est une partie de message numériquement signée.