I'm trying to come up with a solution for the following scenario, and
its answer still eludes me...
An user sets up an SSH connection (using flags -N -D) with dynamic
forwarding enabled (for web surfing, git, messenger, etc), to an
OpenBSD machine. That machine runs PF and traffic queueing.
Is there a way to shape/queue traffic for that user, based on that
user id (for example, using authpf-noip)?
Since port forwarding has to be disabled in the SSH daemon, in order
to prevent users from circumventing authpf, is there a way to still
have the dynamic forwarding behaviour using only PF rules loaded by
authpf-noip for that user?
Any insight on the matter is welcomed =)