Re: authpf bug and solution

2012-07-07 Thread Henning Brauer
* Bahador NazariFard bahador.nazarif...@gmail.com [2012-06-26 20:35]:
> unfortunately authpf does not delete nat state when user disconnected.

I believe I just committed the fix for this.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: authpf bug and solution

2012-07-07 Thread Bahador NazariFard
Hi Dear Friends,
I'm sorry, I looked into this problem and its solution, but I couldn't
find any solution.

If you committed the fix, how can I access the fixed authpf?
I'm using OpenBSD 5.1.

On Sat, Jul 7, 2012 at 7:51 PM, Henning Brauer henn...@openbsd.org wrote:

> * Bahador NazariFard bahador.nazarif...@gmail.com [2012-06-26 20:35]:
> > unfortunately authpf does not delete nat state when user disconnected.
>
> I believe I just committed the fix for this.
>
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de, Full-Service ISP
> Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully
> Managed
> Henning Brauer Consulting, http://henningbrauer.com/



Re: authpf bug and solution

2012-07-07 Thread James Hartley
On Sat, Jul 7, 2012 at 9:33 AM, Bahador NazariFard 
bahador.nazarif...@gmail.com wrote:

> If you committed the fix how can I access fixed authpf.
> I'm using OpenBSD 5.1.

You will need to install -current.



authpf bug and solution

2012-06-26 Thread Bahador NazariFard
Hi all,
Unfortunately authpf does not delete nat state when user disconnected.
I saw this problem and I could not find any good solution.
It looks like there is a bug in authpf.
I wrote a ksh script that can solve this problem in a clean way.
I think this can be a very useful temporary solution until OpenBSD can fix
this bug.
I named this script clean_authpf_natstate.sh and its content follows here:

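#!/bin/ksh
# Kill leftover pf states of addresses that have left the authpf_users table.
old_users=
(
while true; do
    # Addresses currently logged in through authpf
    users=`pfctl -t authpf_users -T show 2> /dev/null`
    for old in $old_users; do
        # Present on the previous pass, gone now: the user disconnected.
        # -w keeps 10.0.0.1 from matching inside 10.0.0.10.
        if ! echo $users | fgrep -qw -- "$old"; then
            # Keep each state line plus its "id:" line, select the states
            # that mention the address, and kill them by state ID.
            for ID in $(pfctl -ss -vv | grep -e '^[a-z]' -e 'id:' |
                grep -F -w -A 1 -- "$old" | awk '/id:/{print $2}'); do
                pfctl -k id -k $ID > /dev/null 2> /dev/null
            done
        fi
    done
    sleep 1
    old_users=$users
done )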