Firewall question

Patrick O'Callaghan pocallaghan at gmail.com
Thu May 15 14:24:30 UTC 2008


On Thu, 2008-05-15 at 15:10 +0100, Anne Wilson wrote:
> On Thursday 15 May 2008 13:56, Patrick O'Callaghan wrote:
> > On Thu, 2008-05-15 at 12:42 +0100, Anne Wilson wrote:
> > > In another thread Tim Evans said:
> > >
> > > You can, however, configure iptables to *allow* only a specified list of
> > > IP addresses (i.e., the ones you approve of).
> > >
> > > This set me wondering.  If you use wifi hotspots to collect mail, for
> > > instance, you have no idea what IPs you will be using.  Is there any way
> > > that the system can recognise the computer rather than the IP?  I'm
> > > guessing it must be possible, as my on-line bank knows immediately if I
> > > use a computer that I haven't used before.
> >
> > You collect mail by connecting from your machine to a server, so
> > firewall rules that block *incoming* connections won't affect you.
> >
> Sorry - you lost me :-)  When I was on holiday surely I was making an incoming 
> connection to read my mail?

Incoming to the mail server. Outgoing from your laptop. We're talking
about configuring your laptop at Wifi hotspots, aren't we? Or have I
totally lost the plot?

(Nota Bene: "incoming" and "outgoing" have nothing to do with the
direction the mail is flowing. The machine behind the firewall that
sends the initial TCP request is the "outgoing" machine from the point
of view of the firewall, whether it's sending mail or reading it).

> > Recognizing the computer rather than the IP is not a firewall-level
> > question (more correctly: it's not a packet-filter level question, which
> > amounts to the same thing for most people). 
> 
> I realise that - probably I chose the wrong subject line.  My thinking carried 
> on from the firewall thread.
> 
> > As others have pointed out, 
> > this is one of the things cookies are used for.
> >
> I can see that for commercial sites, though I don't see how I could use it.  
> Maybe people who work from home don't need it, as they use tunnels for 
> security.  Is that it?  If so, that's another project to read up on, for the 
> next time I'm away.  Up to now, mail access has been sufficient.

Maybe I'm misunderstanding what you're trying to do.

poc
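
The incoming/outgoing distinction in the message above, modelled as a toy stateful packet filter. This is an added example, not part of the original post; the addresses, the ports (993 for reading mail, 587 for sending) and the policy of "allow outgoing, allow replies, drop the rest" are assumptions chosen for illustration.

```python
# Added illustration: a toy stateful packet filter running on a laptop.
# Assumed policy: accept everything the laptop sends, accept replies to
# flows the laptop opened, drop every other incoming packet.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

LAPTOP = "192.0.2.10"         # constructed address (assigned by a hotspot)
MAILSERVER = "198.51.100.25"  # constructed address
STRANGER = "203.0.113.7"      # constructed address


class LaptopFirewall:
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.tracked = set()  # (local_port, remote_ip, remote_port)

    def filter(self, pkt):
        """Return 'ACCEPT' or 'DROP' for one packet."""
        if pkt.src == self.local_ip:
            # Outgoing: the laptop initiated, so remember the flow.
            # (Simplified: a real tracker keys on the SYN and TCP state.)
            self.tracked.add((pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Incoming: accept only if it answers a flow the laptop opened.
        if (pkt.dport, pkt.src, pkt.sport) in self.tracked:
            return "ACCEPT"
        return "DROP"


def demo():
    fw = LaptopFirewall(LAPTOP)
    return [
        # Laptop opens a connection to read mail: outgoing SYN.
        fw.filter(Packet(LAPTOP, 40000, MAILSERVER, 993, "SYN")),
        # Server's reply; the mail itself flows *towards* the laptop.
        fw.filter(Packet(MAILSERVER, 993, LAPTOP, 40000, "SYN-ACK")),
        # Laptop sends mail: a different data direction, still outgoing.
        fw.filter(Packet(LAPTOP, 40001, MAILSERVER, 587, "SYN")),
        # Unsolicited connection attempt from another hotspot user.
        fw.filter(Packet(STRANGER, 51000, LAPTOP, 22, "SYN")),
    ]


if __name__ == "__main__":
    print(demo())
```

The laptop's own address never appears in a rule, so the same policy holds whatever IP the hotspot hands out.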



