I have previously posted this message elsewhere but then I decided this is
a better place for it. Apologies for anybody seeing it twice.)

I have a problem here. I'd like to add a packet filter rule dynamically.
What I mean is a scenario like this:

1) The (default) Internet access on any machine is denied.

2) The user on machine decides she needs Internet access. So she does
something (like running a program I wrote, for example) which adds a
temporary packet filter rule saying "machine ABCD is allowed internet access".

3) Some time later she decides she does not need this access any more and
does something else which disables/removes this rule. The machine is denied
Internet access.

Of course, there are corner cases like 'what if ABCD hangs' but a general
idea should be pretty clear: I need a way to directly manipulate packet
filter rules from my program, without reinitialising my system every minute
or so.

Is this at all possible? And, if it is, what would be a performance impact
of every packet going through 50+ rules like this?

My software is NetWare 6.5 with BM 3.8.

Any idea on how to manage filters from a program?

Thanks in advance,

Piotr Sulecki
Institute of Metal Cutting, Krakow, Poland.