fwcd is a daemon that runs on the firewall. This requires that the firewall is an ordinary computer and not a dedicated router (such as a Cisco router). It communicates with Oasis, which sends requests to fwcd to log in a user. The firewall control daemon will then start to listen to the traffic to decide whether the user is logged in or not. When the user is inactive (but still connected), fwcd starts to ping the user until he is active again.
This solves the problem of too much probing, since the firewall doesn't need to actively probe all the time.
1.0.1 Starting fwcd
1.0.2 Configuring fwcd
Options are specified by the usual GNU command line syntax, with long options starting with two dashes (--).
Usage: fwcd [options]
Options:
The configuration file is by default installed as `/usr/local/etc/fwcd.conf'. There is a template in the `etc' subdirectory of the source distribution that you can modify to your needs. The syntax is simple: each directive consists of a keyword, an equal sign and an argument, as in:
keyword = argument
Comments begin with # or // and extend to the end of the line. Block comments can be written in C syntax, beginning with /* and ending in */.
Valid directives are:
probe-interval
log-facility
LOG_AUTHPRIV, LOG_DAEMON, LOG_LOCAL0, LOG_LOCAL1, LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4, LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7, LOG_USER
max-missed-probes
firewall-soft-timeout
firewall-hard-timeout
firewall-program
To open up a rule: <open> <IP> <MAC>
To close a rule: <close> <IP> <MAC>
To reset the firewall: <reset>
IP is a string in dotted-decimal form (xxx.xxx.xxx.xxx) and MAC is a colon-separated string of hex numbers (00:01:60:12:a7:bd).
port
probe-interface
oasis-host
oasis-port
probe-library
certificate-file
key-file
oasis-certificate-file
network
promiscuous
promiscuous to 0 is a better choice since the firewall only needs to listen on traffic to be routed through that machine.
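A pre-deployment check for the file format and directive list described above, as an added example that is not part of fwcd or its distribution. The names `lint`, `strip_comments` and `SAMPLE` are hypothetical, and the code assumes a comment marker never appears inside an argument, since the page describes no quoting rules.

```python
import re

# Directive names and log-facility values as listed on this page.
DIRECTIVES = set("""probe-interval log-facility max-missed-probes
firewall-soft-timeout firewall-hard-timeout firewall-program port
probe-interface oasis-host oasis-port probe-library certificate-file
key-file oasis-certificate-file network promiscuous""".split())
FACILITIES = {"LOG_AUTHPRIV", "LOG_DAEMON", "LOG_USER"} | {f"LOG_LOCAL{i}" for i in range(8)}

# One left-to-right pass: whichever comment marker starts first wins.
COMMENT = re.compile(r"/\*.*?\*/|(?:#|//)[^\n]*", re.S)

def strip_comments(text):
    """Drop /* */ blocks and #, // comments, keeping line numbers intact."""
    return COMMENT.sub(lambda m: "\n" * m.group().count("\n"), text)

def lint(text):
    """Return (settings, problems) for the text of an fwcd.conf file."""
    settings, problems = {}, []
    for lineno, line in enumerate(strip_comments(text).splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key or not value:
            problems.append(f"line {lineno}: expected 'keyword = argument'")
        elif key not in DIRECTIVES:
            problems.append(f"line {lineno}: unknown directive '{key}'")
        elif key == "log-facility" and value not in FACILITIES:
            problems.append(f"line {lineno}: unknown log-facility '{value}'")
        else:
            settings[key] = value
            # The page states that 0 is the better choice for this directive.
            if key == "promiscuous" and value != "0":
                problems.append(f"line {lineno}: promiscuous = {value}; the manual prefers 0")
    return settings, problems

# Constructed sample input; every value here is made up for the example.
SAMPLE = """\
/* constructed sample,
   not a shipped template */
log-facility = LOG_MAIL      # not in the page's list
promiscuous = 1              // page prefers 0
probe-intervl = 30
oasis-port = 4711
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)[1]))
```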