From: Franck P. <fra...@gm...> - 2013-02-03 11:37:46

Thanks for your quick answer!

>> - on a successful login, the corresponding IP is allowed (using ban
>>   mechanism with a custom action)
>> - after some time, the IP is forbidden (using unban mechanism)
>
> I must be missing some logic here.
> If the user logs in, the IP is already allowed into the network, or am I wrong?

By default, all IPs are filtered out. What I would like is to add a firewall rule to allow an IP when a successful login is detected on the dedicated web page.

The point is that this web page would actually do nothing but check authentications and log them. The actual opening of the FW would be made by fail2ban.

This would make it possible to completely isolate this login service and avoid exposing something too complicated on the Internet.

Cheers,
Franck
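
The setup described in this message, written out as fail2ban configuration. This is an added example, not part of the original post and not configuration shipped with fail2ban; the file names, log path, log line format, chain name and timings are assumptions.

```ini
# --- /etc/fail2ban/filter.d/web-login-ok.conf (hypothetical file name) ---
[Definition]
# Constructed log format, written by the login page on SUCCESS only:
#   2013-02-03 11:37:46 LOGIN_OK user=franck ip=203.0.113.7
# The user field must be logged without whitespace or newlines, so that a
# failed attempt cannot smuggle a forged LOGIN_OK entry into the log.
failregex = LOGIN_OK user=\S+ ip=<HOST>$
ignoreregex =

# --- /etc/fail2ban/action.d/iptables-allow.conf (hypothetical file name) ---
[Definition]
# A dedicated chain keeps the temporary ACCEPT rules apart from the static
# default-deny policy and makes them easy to flush when fail2ban stops.
actionstart = iptables -N f2b-allow
              iptables -I INPUT -j f2b-allow
actionstop  = iptables -D INPUT -j f2b-allow
              iptables -F f2b-allow
              iptables -X f2b-allow
actioncheck = iptables -n -L INPUT | grep -q 'f2b-allow'
# "ban" is inverted here: it opens the firewall for the authenticated IP.
actionban   = iptables -I f2b-allow 1 -s <ip> -j ACCEPT
# "unban" closes it again once bantime has elapsed.
actionunban = iptables -D f2b-allow -s <ip> -j ACCEPT

# --- /etc/fail2ban/jail.local ---
[web-login-ok]
enabled  = true
filter   = web-login-ok
action   = iptables-allow
# Assumed location of the login page's log file.
logpath  = /var/log/login-page/auth.log
# One successful login is enough to trigger the action.
maxretry = 1
findtime = 60
# Assumed access window in seconds; the IP is removed again after this.
bantime  = 3600
```

The login page has to log the socket peer address rather than a client-supplied header such as X-Forwarded-For, because whatever address appears in the log line is the one that receives the ACCEPT rule. The static firewall policy must also leave the login page's own port reachable, since everything else is dropped by default.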