Is there a way to define user based rules in iptables, like Active Directory users or custom user list with dynamic IPs?
Here is a project I found but it is not active now so it doesn't work for me. http://www.ufwi.org/
SnapOverflow
Is there a way to define user based rules in iptables, like Active Directory users or custom user list with dynamic IPs?
Here is a project I found but it is not active now so it doesn't work for me. http://www.ufwi.org/
It is possible, but it requires something other than iptables to do the authentication. Smoothwall [bias warning: I work there] use ntlm, kerberos etc. in the web filter or a captive portal to recognise a user:IP pair, which can then trigger particular iptables rules.
Sometimes it is tricky to work out if someone is logged out, or just hasn't reauthenticated in a while, but in general it works well.
If you tell us what you are trying to achieve is a less vague way then we may be able to give you better answers.
Iptables/netfilter works on packets. Packets in general don't have any way to tie them to a particular user. So no, you can't write rules based on particular AD users.
What you're asking for is to use Windows based user accounts for a *nix based system. While that can certainly be done I've yet to learn of a product that provides that facility. It would however be quite feasible to write a program or script that can query Active Directory and update iptables with the resulting data. The basics are no different to using Active Directory authentication for web apps, so you might look for PHP examples to give you a good start.
No, that is not possible using iptables. There are enterprise Firewalls (
Checkpointfor example) which are capable of that.