PAM-iptables

Nathan Zorn (zornnh@musc.edu)

DISCLAIMER
I am not liable for any damage caused by the use of this program.

LICENSE
GNU GENERAL PUBLIC LICENSE
See LICENSE for more information.

What is it?
This module inserts a firewall rule to allow forwarding from the
remote host that the user logged in from.  It was designed to work
with an Authentication Gateway.  See the Authentication-Gateway-HOWTO.
http://www.linuxdoc.org/HOWTO/Authentication-Gateway-HOWTO/index.html

INSTALLATION

unpack the source:

tar -xvzf pam_iptables.tar.gz
cd pam_iptables

compile and link the source:
gcc -fPIC -c pam_iptables.c
ld -x --shared -o pam_iptables.so pam_iptables.o

copy the module to the pam directory:
cp pam_iptables.so /lib/security/

Install the iptables script (insFwall) into /usr/local/auth-gw/
mkdir /usr/local/auth-gw
cp insFwall /usr/local/auth-gw

Put the following line in the service file contained in /etc/pam.d.

session    required     pam_iptables.so

The module takes the following arguments:
debug