hi all
unfortunately authpf does not delete NAT state when a user disconnects.
I saw this problem and I could not find any good solution.
It looks like there is a bug in authpf.
I wrote a ksh script that can solve this problem in a clean way.
I think this can be a very useful temporary solution until OpenBSD can fix
this bug.
I named this script clean_authpf_natstate.sh and its content follows here:

#!/bin/ksh
# Every second, compare the authpf_users table with the previous snapshot
# and kill the pf states (NAT states included) of every address that left.
old_users="";
(
while true; do
       users=`pfctl -t authpf_users -T show 2> /dev/null`;
       for old in $old_users; do
               # -w: match the whole address, so 10.0.0.1 is not taken
               # as still present just because 10.0.0.10 is in the table
               if ! echo $users | fgrep -qw -- "$old"; then
                 # keep only the state lines and the "id:" lines of
                 # pfctl -ss -vv, then take the id that follows each
                 # state line mentioning the departed address
                 for ID in $(pfctl -ss -vv | grep -e "^[a-z]" -e "id:" | fgrep -w -A 1 -- "$old" | awk '/id:/{print $2}'); do
                   pfctl -k id -k $ID > /dev/null 2>&1
                 done
               fi
       done
       sleep 1
       old_users=$users
done ) &

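The same cleanup, as an added example that is not the original poster's script: the state-ID extraction and the table diff are split into functions so they can be checked against a constructed sample of `pfctl -ss -vv` output without root or a running pf. The sample output, the function names and the addresses are assumptions; the `pfctl -t authpf_users -T show` and `pfctl -k id -k` invocations are the ones used in the post.

```sh
#!/bin/sh
# Added example, not the original poster's script. Assumptions: the
# sample pfctl output below is constructed, and the function names are
# invented for this example.

# Constructed sample of `pfctl -ss -vv` output. Two states belong to
# 10.0.0.1 (the second is a NAT state, original address in parentheses)
# and one to 10.0.0.10, which must NOT be matched by a search for 10.0.0.1.
SAMPLE_STATES='all tcp 10.0.0.1:54321 -> 192.0.2.10:22       ESTABLISHED:ESTABLISHED
   [1 + 65536] wscale 7  [2 + 65536] wscale 6
   age 00:01:23, expires in 23:59:45, 10:10 pkts, 1000:2000 bytes, rule 5
   id: 0000000000000001 creatorid: 0a0b0c0d
all tcp 203.0.113.5:54322 (10.0.0.1:54322) -> 192.0.2.20:80       ESTABLISHED:ESTABLISHED
   age 00:00:05, expires in 23:59:55, 3:2 pkts, 300:200 bytes, rule 7
   id: 0000000000000002 creatorid: 0a0b0c0d
all udp 10.0.0.10:5353 -> 192.0.2.30:53       MULTIPLE:SINGLE
   age 00:00:01, expires in 00:00:59, 1:0 pkts, 60:0 bytes, rule 9
   id: 0000000000000003 creatorid: 0a0b0c0d'

# Print the pf state IDs of every state whose endpoints include the
# address $1. Reads `pfctl -ss -vv` text on stdin. The first grep keeps
# only state lines (start with a letter) and "id:" lines, so the id line
# directly follows its state line; -F matches the address literally (no
# regex dots) and -w rejects longer addresses that share the prefix.
state_ids_for() {
    grep -e '^[a-z]' -e 'id:' |
    grep -F -w -A 1 -- "$1" |
    awk '/id:/ { print $2 }'
}

# Print the addresses of $1 (previous table snapshot, whitespace
# separated) that are absent from $2 (current snapshot). Whole-line
# matching (-x) so 10.0.0.1 is not reported present because of 10.0.0.10.
departed_users() {
    printf '%s\n' $1 | while read -r old; do
        [ -n "$old" ] || continue
        if ! printf '%s\n' $2 | grep -Fxq -- "$old"; then
            printf '%s\n' "$old"
        fi
    done
}

# Live loop (needs root and pf; not exercised by the sample above).
# Mirrors the posted script: every second, diff the authpf_users table
# against the previous snapshot and kill the states of anyone who left.
# Deploy with:  . ./clean_authpf_natstate.sh; clean_authpf_natstate_loop &
clean_authpf_natstate_loop() {
    old_users=""
    while :; do
        users=$(pfctl -t authpf_users -T show 2>/dev/null)
        for gone in $(departed_users "$old_users" "$users"); do
            for id in $(pfctl -ss -vv 2>/dev/null | state_ids_for "$gone"); do
                pfctl -k id -k "$id" >/dev/null 2>&1
            done
        done
        old_users=$users
        sleep 1
    done
}
```

Running `printf '%s\n' "$SAMPLE_STATES" | state_ids_for 10.0.0.1` yields the two IDs of 10.0.0.1 and nothing for 10.0.0.10; without `-w` the posted pipeline would also return the 10.0.0.10 state, and without `-F` the dots in the address would match any character.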