Add IP/Firewall rules on connect

Posted: Fri Jul 09, 2004 8:18 am
by Freman
G'day there... I know I've been asking phenomenally difficult questions (if not impossible)

And as a result, they don't get answered :oops:

Anyway.

I'm using radius and pppoe.

Is there any way I can script it so that when a user connects it adds an IP address to ether1 and then adds a couple of firewall rules?

And of course, it'd be really good if it would kindly remove the rules and IP on user disconnect...

Perhaps I want something to do with /tool netwatch, and I'm assuming the interface name is "pppoe-<username>"

Posted: Sat Jul 10, 2004 5:52 am
by fivenetwork
Interesting.

Umm,

1. Create your firewall rules or whatever first.
2. Write scripts for enabling/disabling the rules.
3. Use /tool netwatch to run the relevant script as per the status

We do it here all the time for monitoring the status of the parent proxy. If parent proxy goes down then a script is executed which resets the Parent Proxy parameter to default and once it goes up again sets it back.

Posted: Mon Jul 12, 2004 11:47 am
by edzix
You have to use System Scheduler in this case. You should check for new pppoe connections every 59s (i.e. interval=59s); in this scheduled task use a script which takes the 'uptime' parameter for each pppoe client (from the '/interface pppoe-server' submenu) and, if this uptime is less than 1min, adds firewall rules or whatever you need.
But you cannot catch the moment when this client is getting disconnected, so everything you added will be left and can be removed only manually.

Edgars
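
The scheduler polling discussed in this thread, modelled in Python as an added example (not code from any poster, and not RouterOS script): it runs the uptime-based add next to a reconcile pass that keys each managed rule on a comment tag. The session names, uptimes, the `auto:` tag and the static rule are constructed for illustration.

```python
TAG = "auto:"  # hypothetical comment prefix marking script-managed rules


def uptime_poll(sessions, rules, threshold=60):
    """Uptime heuristic: add a rule for every session younger than `threshold` s."""
    for name, uptime in sessions.items():
        if uptime < threshold:
            rules = rules + [TAG + name]  # no check for an existing rule
    return rules


def reconcile(sessions, rules):
    """Make the tagged rules match the active sessions; leave other rules alone."""
    wanted = {TAG + name for name in sessions}
    # Keep unmanaged rules, and managed rules whose session is still up.
    kept = [r for r in rules if not r.startswith(TAG) or r in wanted]
    kept = list(dict.fromkeys(kept))      # drop duplicates, preserve order
    kept += sorted(wanted - set(kept))    # add rules for new sessions
    return kept


def simulate(poll_fn, timeline):
    """Run one poll per timeline entry, starting from a pre-existing rule set."""
    rules = ["static-drop-invalid"]       # constructed unmanaged rule
    for sessions in timeline:
        rules = poll_fn(sessions, rules)
    return rules


# Constructed timeline, one entry per 59 s poll: {interface name: uptime in s}
TIMELINE = [
    {"pppoe-alice": 0.5},                    # connected just before the poll
    {"pppoe-alice": 59.5, "pppoe-bob": 30},  # alice is still under 60 s
    {"pppoe-bob": 89},                       # alice has disconnected
]

if __name__ == "__main__":
    print("uptime heuristic:", simulate(uptime_poll, TIMELINE))
    print("reconcile       :", simulate(reconcile, TIMELINE))
```

With a 59 s interval and a 1 min threshold, a session polled in its first second is matched twice, and its rules outlive the session; the reconcile pass is idempotent and removes them on the next poll.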