...

Shorewall dynamic zones are used to change the firewall rule set dynamically for the IP addresses added to or removed from the "whitelist". The rules for the normal zone covering the network that connects to the NASes/supplicants disallow everything except what is needed for the RADIUS conversation between the NASes and FreeRADIUS (and perhaps HTTP access to the NAS web interfaces). A dynamic zone, whose rules allow network access with logging, is declared under the normal zone. The 'shorewall add <dynamic_zone_name> <ip_address>' and 'shorewall delete <dynamic_zone_name> <ip_address>' commands can then be used by the shwl_*.sh scripts to change the rules applicable to the specified source IP address.

Sudo is installed and configured because some of the mentioned scripts need to run commands as root or as a different user.
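Because the scripts pass an IP address to a command that runs as root, the address should be validated strictly before it reaches sudo. The following is an added example, not one of the page's own shwl_*.sh scripts; the zone name `wl`, the function names and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example: validate input, then call the page's
# 'shorewall add|delete <dynamic_zone_name> <ip_address>' through sudo.
ZONE="${ZONE:-wl}"   # assumed placeholder for <dynamic_zone_name>

# Succeed only for a strict dotted-quad IPv4 address:
# four octets 0-255, no leading zeros, no CIDR suffix, no other characters.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        case "$octet" in
            0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) count=$((count + 1)) ;;
            *) return 1 ;;
        esac
    done
    [ "$count" -eq 4 ]
}

# Print the command line for a permitted action and a valid address;
# return 2 for any other action, 3 for a rejected address.
zone_cmd() {
    action=$1; ip=$2
    case "$action" in
        add|delete) ;;
        *) echo "refusing action: $action" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "refusing address: $ip" >&2; return 3; }
    echo "sudo -n shorewall $action $ZONE $ip"
}

# Apply the change, or only print it when DRY_RUN=1.
# 'sudo -n' fails instead of prompting if no sudoers rule matches.
zone_apply() {
    cmd=$(zone_cmd "$1" "$2") || return $?
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
    else
        sudo -n shorewall "$1" "$ZONE" "$2"
    fi
}

# Usage: script.sh add|delete <ip_address>
if [ "$#" -ge 2 ]; then zone_apply "$1" "$2"; fi
```

The matching sudoers rule should permit only these two shorewall commands for the account that runs the scripts.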

...