> Here is my idea for implementing such a feature:
>
> Have an option to set an in and/or out filter for a user's connection which
> specifies things which will NOT reset the idle timer, such as:
>
> 1 permit 0.0.0.0/0 0.0.0.0/0 icmp
> 2 permit 0.0.0.0/0 0.0.0.0/0 tcp dst eq 110
>
> So neither ICMP nor POP3 will reset the idle timer. Also have an option in
> the filters (such as a special keyword) which you could put in which ComOS
> would replace with the user's current IP. This would also allow you to
> set up filters which prevent users from IP spoofing:
>
> 1 permit <user's ip> 0.0.0.0/0
> 2 permit 0.0.0.0/0 <user's ip>
> then deny everything else..

Filtering data which goes into the idle timer is not the solution, as I can
have a tool using an undocumented protocol all the time.

The solution others go for is average bandwidth monitoring and not resetting
idle if avg/bandwidth doesn't go above. Or the other way round: if avg/bandwidth
goes below a specific level, which is based on experience with
interactive/surfing users, then the line is disconnected after some specific
time. This avg/bandwidth should be more than polling POP3 every
2 minutes and pinging some host ...

This could be done by a simple script monitoring the line's
accounting interface bytes per time and then disconnecting users if below.

Flo
--
Florian Lohoff mailto:flo@mini.gt.owl.de Phone:+49-5241-470566
Privates Internet Ostwestfalen-Lippe, Guetersloh - http://www.gt.owl.de
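
The average-bandwidth check described in the reply above, sketched as an added example (not code from the thread or from ComOS): it takes periodic byte-counter readings per session and flags a session once its windowed average has stayed below a floor for a grace period. The floor, window, grace period, 32-bit counter width and the constructed byte rates are assumptions; reading the counters and resetting the port are left to whatever the NAS provides.

```python
from collections import defaultdict, deque

COUNTER_MOD = 2 ** 32   # assumption: 32-bit octet counters that wrap
MIN_AVG = 50.0          # assumed floor in bytes/s; tune from real interactive users
WINDOW = 600            # assumed averaging window, seconds
GRACE = 900             # assumed time below the floor before disconnect, seconds

class IdleMonitor:
    """Flags sessions whose average throughput stays below a floor."""

    def __init__(self):
        self.samples = defaultdict(deque)  # session -> (ts, cumulative bytes)
        self.last_raw = {}                 # session -> last raw counter value
        self.below_since = {}              # session -> ts the average first fell low

    def observe(self, session, ts, octets):
        """Feed one in+out byte counter reading; True means disconnect."""
        q = self.samples[session]
        prev = self.last_raw.get(session, octets)
        delta = (octets - prev) % COUNTER_MOD      # survives counter wrap
        self.last_raw[session] = octets
        total = (q[-1][1] if q else 0) + delta
        q.append((ts, total))
        # Keep exactly one sample that is at least WINDOW old as the baseline.
        while len(q) > 1 and ts - q[1][0] >= WINDOW:
            q.popleft()
        span = ts - q[0][0]
        if span < WINDOW:
            return False                           # not enough history yet
        if (total - q[0][1]) / span >= MIN_AVG:
            self.below_since.pop(session, None)    # real traffic: clear the clock
            return False
        return ts - self.below_since.setdefault(session, ts) >= GRACE

def first_disconnect(bytes_per_minute, minutes=60, start=0):
    """Poll one constructed session every 60 s; return disconnect time or None."""
    mon, counter = IdleMonitor(), start
    for minute in range(minutes + 1):
        if mon.observe("S0", minute * 60, counter):
            return minute * 60
        counter = (counter + bytes_per_minute) % COUNTER_MOD
    return None

if __name__ == "__main__":
    # Constructed rates: POP3 poll plus pings (~13 B/s) versus a surfing user.
    print("keepalive only:", first_disconnect(800))
    print("interactive:   ", first_disconnect(120_000))
```

Because the decision depends only on byte volume, it does not matter which protocol generates the keepalive traffic, which is the objection raised against the filter-based approach.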