Re: authpf bug and solution
* Bahador NazariFard bahador.nazarif...@gmail.com [2012-06-26 20:35]:
> unfortunately authpf does not delete nat state when user disconnected.

I believe I just committed the fix for this.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: authpf bug and solution
Hi Dear Friends,

I'm sorry, I looked for this problem and its solution, but I couldn't find any solution. If you committed the fix, how can I access the fixed authpf? I'm using OpenBSD 5.1.

On Sat, Jul 7, 2012 at 7:51 PM, Henning Brauer henn...@openbsd.org wrote:
> * Bahador NazariFard bahador.nazarif...@gmail.com [2012-06-26 20:35]:
> > unfortunately authpf does not delete nat state when user disconnected.
>
> I believe I just committed the fix for this.
Re: authpf bug and solution
On Sat, Jul 7, 2012 at 9:33 AM, Bahador NazariFard bahador.nazarif...@gmail.com wrote:
> If you committed the fix how can I access fixed authpf. I'm using OpenBSD 5.1.

You will need to install -current.
authpf bug and solution
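Hi all,

Unfortunately authpf does not delete nat state when user disconnected. I saw this problem and I could not find any good solution. It looks like there is a bug in authpf. I wrote a ksh script that can solve this problem in a clean way. I think this can be a very useful temporary solution until OpenBSD can fix this bug. I named this script clean_authpf_natstate.sh and its content follows here:

#!/bin/ksh
# Kill the states left behind by authpf users who have logged out.
old_users=
(
while true; do
    # Addresses currently in the authpf_users table
    users=`pfctl -t authpf_users -T show 2>/dev/null`
    for old in $old_users; do
        # Seen on the previous pass but gone now: the user disconnected
        # (-w matches whole addresses, so 10.0.0.1 does not match 10.0.0.11)
        if ! echo $users | fgrep -qw "$old"; then
            # Keep state lines and their "id:" lines, pick this address's
            # states, and kill each one by its state ID
            for ID in $(pfctl -ss -vv | grep -e '^[a-z]' -e 'id:' | fgrep -w -A 1 "$old" | awk '/id:/{print $2}'); do
                pfctl -k id -k $ID >/dev/null 2>/dev/null
            done
        fi
    done
    sleep 1
    old_users=$users
done
)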
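
Added example, not part of the original post: a dry-run check that lists the state IDs still present for addresses that have left the authpf_users table, comparing whole addresses rather than substrings. The sample state dump is constructed, its layout is an assumption modeled on the lines the script above greps for, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run audit of states left behind by logged-out authpf users.

# Constructed sample shaped like `pfctl -ss -vv` output (not a real capture).
sample_states() {
cat <<'EOF'
all tcp 203.0.113.5:50001 (10.0.0.1:40000) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
   age 00:01:10, expires in 23:59:00, 12:10 pkts, 900:4000 bytes, rule 4
   id: 4fe8a1b200000001 creatorid: 0a0b0c0d
all tcp 203.0.113.5:50002 (10.0.0.11:40001) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
   age 00:00:30, expires in 23:59:40, 8:7 pkts, 600:2100 bytes, rule 4
   id: 4fe8a1b200000002 creatorid: 0a0b0c0d
all udp 203.0.113.5:50003 (10.0.0.2:5353) -> 198.51.100.9:53       MULTIPLE:SINGLE
   age 00:00:05, expires in 00:00:25, 1:1 pkts, 60:120 bytes, rule 4
   id: 4fe8a1b200000003 creatorid: 0a0b0c0d
EOF
}

# departed OLD CURRENT: print addresses present in OLD but not in CURRENT,
# comparing whole addresses (10.0.0.1 is not "found" inside 10.0.0.11).
departed() {
    for addr in $1; do
        case " $(echo $2) " in
            *" $addr "*) ;;
            *) echo "$addr" ;;
        esac
    done
}

# leftover_ids "ADDR ...": read a state dump on stdin and print the id of
# every state whose state line names one of the addresses exactly.
leftover_ids() {
    awk -v addrs="$(echo $1)" '
        BEGIN { n = split(addrs, a, " "); for (i = 1; i <= n; i++) gone[a[i]] = 1 }
        /^[a-z]/ {                       # state line: starts with the interface
            hit = 0
            for (i = 1; i <= NF; i++) {
                f = $i
                gsub(/[()]/, "", f)      # "(10.0.0.1:40000)" -> "10.0.0.1:40000"
                sub(/:[0-9]+$/, "", f)   # drop the port (IPv4 only)
                if (f in gone) hit = 1
            }
            next
        }
        hit && $1 == "id:" { print $2; hit = 0 }
    '
}
```

On a live system the dump would come from pfctl -ss -vv and the current list from pfctl -t authpf_users -T show, the two commands the script in the post uses.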