Re: Can't read authpf rules with pfctl

2007-10-22 Thread Francesco Toscan
2007/10/22, Jeff Simmons [EMAIL PROTECTED]:
> [...]
>
> firewall:~#pfctl -a '*' -sr
> anchor * all {
> pfctl: DIOCGETRULES: Invalid argument
> }
>
> Am I misreading the man page in assuming that both of these commands should
> return the block line that the authme login set up, or is something else
> going on?

Use pfctl -vsA; it will return the anchors nested in authpf/*, like:
authpf
authpf/user(pid)
authpf/anotheruser(pid)

Then use pfctl -a 'authpf/user(pid)' -sr to display the user's rules.

f.
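The two-step procedure above (enumerate the per-user anchors with pfctl -vsA, then dump each with pfctl -a 'authpf/user(pid)' -sr) as a small script; this is an added example, not code from the thread. The pfctl -vsA output embedded in it is a constructed sample so the anchor-parsing part can be exercised without a pf host.

```shell
#!/bin/sh
# Added example: list the per-user authpf anchors that "pfctl -vsA" reports
# and dump each anchor's rules, which is what a firewall admin wants to
# check after a user has logged in through the authpf shell.

# Constructed stand-in for `pfctl -vsA` output on a firewall with two
# authenticated authpf users (values are made up for the example).
SAMPLE_ANCHORS='  authpf
  authpf/authme(1234)
  authpf/alice(5678)
  ftp-proxy'

# Keep only per-user anchors of the form authpf/user(pid); the parent
# "authpf" anchor and unrelated anchors are dropped. Reads anchor names on
# stdin, one per line, as pfctl -vsA prints them.
authpf_user_anchors() {
    sed -n 's/^[[:space:]]*\(authpf\/[^[:space:]]*([0-9][0-9]*)\)[[:space:]]*$/\1/p'
}

# For every per-user anchor currently loaded, show the rules authpf
# installed for that session (same command form as in the reply above).
# Requires a pf host; not run by the self-test.
dump_authpf_rules() {
    pfctl -vsA | authpf_user_anchors | while IFS= read -r anchor; do
        printf '== %s ==\n' "$anchor"
        pfctl -a "$anchor" -sr
    done
}

# Self-check helper: number of per-user anchors found in the sample output.
count_sample_anchors() {
    printf '%s\n' "$SAMPLE_ANCHORS" | authpf_user_anchors | wc -l | tr -d ' '
}
```

Run dump_authpf_rules as root on the firewall; the other functions only parse text and need no pf.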



Can't read authpf rules with pfctl

2007-10-21 Thread Jeff Simmons
Setting up a quick test network. User authme with authpf shell. Empty 
authpf.conf file. authpf.rules has only one rule:

block in quick on sis0 proto tcp from $user_ip to 10.0.0.1 port 

pf.conf includes:

table authpf_users persist
anchor authpf/*

Let's try it. (Irrelevant lines and info deleted.)

remote:~$nmap -p  10.0.0.1
PORT STATE
/tcp closed 

remote:~$ ssh -l authme 10.0.0.1
[EMAIL PROTECTED]'s password:
Hello authme. You are authenticated from host 10.0.0.10

remote:~$nmap -p  10.0.0.1
PORT STATE
/tcp filtered

Looks good. Checking it out at the other end:

firewall:~# pfctl -t authpf_users -T show
   10.0.0.10
firewall:~#pfctl -a authpf/authme(1234) -s rules
block drop in quick on sis0 inet proto tcp from 10.0.0.10 to 10.0.0.1 port = 


But the following, direct from the pfctl man page, don't work:

firewall:~#man pfctl
By default, recursive inline printing of anchors applies only to
unnamed anchors specified inline in the ruleset.  If the anchor
name is terminated with a `*' character, the -s flag will recursively
print all anchors in a brace delimited block.  For example
the following will print the ``authpf'' ruleset recursively:

   # pfctl -a 'authpf/*' -sr

firewall:~#pfctl -a 'authpf/*' -sr
firewall:~#

Nothing

firewall:~#man pfctl
To print the main ruleset recursively, specify only `*' as the
anchor name:

   # pfctl -a '*' -sr

firewall:~#pfctl -a '*' -sr
anchor * all {
pfctl: DIOCGETRULES: Invalid argument
}

Am I misreading the man page in assuming that both of these commands should 
return the block line that the authme login set up, or is something else 
going on?

--
Jeff Simmons   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
You guys, I don't hear any noise.  Are you sure you're doing it right?
--  My Life With The Thrill Kill Kult