Setting up a quick test network. User authme with authpf shell. Empty
authpf.conf file. authpf.rules has only one rule:

    block in quick on sis0 proto tcp from $user_ip to 10.0.0.1 port 8888

pf.conf includes:

    table <authpf_users> persist
    anchor "authpf/*"

Let's try it. (Irrelevant lines and info deleted.)

    remote:~$ nmap -p 8888 10.0.0.1
    PORT     STATE
    8888/tcp closed

    remote:~$ ssh -l authme 10.0.0.1
    authme@10.0.0.1's password:
    Hello authme. You are authenticated from host "10.0.0.10"

    remote:~$ nmap -p 8888 10.0.0.1
    PORT     STATE
    8888/tcp filtered

Looks good. Checking it out at the other end:

    firewall:~# pfctl -t authpf_users -T show
       10.0.0.10
    firewall:~# pfctl -a "authpf/authme(1234)" -s rules
    block drop in quick on sis0 inet proto tcp from 10.0.0.10 to 10.0.0.1 port = 8888

But the following, direct from the pfctl man page, don't work:

    firewall:~# man pfctl
    By default, recursive inline printing of anchors applies only to
    unnamed anchors specified inline in the ruleset. If the anchor
    name is terminated with a `*' character, the -s flag will
    recursively print all anchors in a brace delimited block. For example
    the following will print the ``authpf'' ruleset recursively:

        # pfctl -a 'authpf/*' -sr

    firewall:~# pfctl -a 'authpf/*' -sr
    firewall:~#

Nothing.

    firewall:~# man pfctl
    To print the main ruleset recursively, specify only `*' as the
    anchor name:

        # pfctl -a '*' -sr

    firewall:~# pfctl -a '*' -sr
    anchor "*" all {
    pfctl: DIOCGETRULES: Invalid argument
    }

Am I misreading the man page in assuming that both of these commands should
return the block line that the authme login set up, or is something else
going on?

--
Jeff Simmons                                    jsimmons@goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
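An audit helper for the setup described in the post, added here as an example and not part of the original message: instead of relying on the recursive 'authpf/*' print, it lists the sub-anchors directly below "authpf" with pfctl -a authpf -s Anchors, prints each anchor's rules, and dumps the authpf_users table so the two can be compared. It assumes pfctl(8) behaves as its man page describes for those flags; PFCTL is a hypothetical variable so the script can be pointed at a wrapper (or a stub when testing).

```shell
#!/bin/sh
# Audit live authpf sessions: which anchors exist under "authpf" and what
# rules each one loaded. Added example, not from the original post.
# Assumed pfctl(8) behaviour:
#   pfctl -a authpf -s Anchors     lists anchors directly below "authpf"
#   pfctl -a <anchor> -s rules     prints the rules loaded into <anchor>
#   pfctl -t authpf_users -T show  prints the table authpf populates
# PFCTL (hypothetical) lets the caller substitute "doas pfctl" or a stub.
PFCTL="${PFCTL:-pfctl}"

# One sub-anchor per line, normalised to the full "authpf/user(pid)" form
# whether pfctl prints the path relative to authpf or in full.
list_authpf_anchors() {
    $PFCTL -a authpf -s Anchors 2>/dev/null \
        | sed -e 's/^[[:space:]]*//' -e '/^$/d' \
              -e 's|^authpf/||' -e 's|^|authpf/|'
}

# Rules loaded in one anchor, each line prefixed with the anchor name.
show_anchor_rules() {
    anchor="$1"
    $PFCTL -a "$anchor" -s rules 2>/dev/null | sed "s|^|$anchor: |"
}

# Number of live authpf sessions (one anchor per authenticated login).
count_authpf_sessions() {
    list_authpf_anchors | wc -l | tr -d ' '
}

# Full audit: table members first, then per-session rules. Every address in
# the table should correspond to an anchor; a leftover without one is stale
# state worth looking into.
authpf_audit() {
    echo "== authpf_users table =="
    $PFCTL -t authpf_users -T show 2>/dev/null
    echo "== per-session rules =="
    list_authpf_anchors | while read -r a; do
        show_anchor_rules "$a"
    done
}

# Only run when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    authpf_audit
fi
```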