First I would like to apologize if my English is not good ... For me I think it''s possible but still have not found how to do despite spending the day looking at the documentation site. The wanted to do was this: do the whole first http connection to a machine inside the network were redirected to a warning page, and then it occurred to navigate normally. I imagine that this would be possible using the module "limit" but do not know how to deploy such a rule ... If anyone has an idea is welcome ... ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
I think you can try to do something with RECENT. Like marking the first packet and redirecting the traffic to a SQUID server with transparent proxy and some kind of redirector answering the same page always (squidguard, for example). Than you can have another rule checking the mark (must be at least one line BEFORE the RECENT mark rule) and allowing the traffic. Problem is you cannot have the RECENT mark forever or else people would only see the warning message once (after every restart, of course). To counter this establish a timeout long enough for the entire work hours and maybe 1 hour more. I''m too tired to try to map this on shorewall now, please forgive me for not implementing it myself. I''m sure someone better than me can try to help you more. Flavio Machado Brasil edmarcos <edmarcos.souza@gmail.com> wrote on 18 Apr 2010, 10:19 PM: Subject: [Shorewall-users] Http redirect page in the first connection.>First I would like to apologize if my English is not good ... > >For me I think it''s possible but still have not found how to do despite >spending the day looking at the documentation site. > >The wanted to do was this: do the whole first http connection to a >machine inside the network were redirected to a warning page, and then >it occurred to navigate normally. > >I imagine that this would be possible using the module "limit" but do >not know how to deploy such a rule ... > >If anyone has an idea is welcome ... > > >------------------------------------------------------------------------------ > >Download Intel® Parallel Studio Eval >Try the new software tools for yourself. Speed compiling, find bugs >proactively, and fine-tune applications for parallel performance. >See why Intel Parallel Studio got high marks during beta. >http://p.sf.net/sfu/intel-sw-dev >_______________________________________________ >Shorewall-users mailing list >Shorewall-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/shorewall-users >----------------------------------------------------------------------------------------------------------------------- Send big files for free. Simple steps. No registration. Visit now http://www.nawelny.com ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Thanks Flavio. Also I'm from Brazil ... I am researching the subject and if you think back to post the list. If I wanted to keep in touch feel comfortable. Obrigado Flávio. Também sou do Brasil... Estou a pesquisar sobre o assunto e se achar volto a postar na lista. Caso queria manter contato sinta-se a vontade. Em Seg, 2010-04-19 às 02:35 +0000, Flavio Machado escreveu:> I think you can try to do something with RECENT. > > Like marking the first packet and redirecting the traffic to a SQUID > server with transparent proxy and some kind of redirector answering > the > same page always (squidguard, for example). > > Than you can have another rule checking the mark (must be at least > one > line BEFORE the RECENT mark rule) and allowing the traffic. > > Problem is you cannot have the RECENT mark forever or else people > would > only see the warning message once (after every restart, of course). To > counter this establish a timeout long enough for the entire work hours > and > maybe 1 hour more. > > I'm too tired to try to map this on shorewall now, please forgive me > for > not implementing it myself. I'm sure someone better than me can try > to > help you more. > > Flavio Machado > Brasil------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users