Date: Tue, 1 Mar 2005 17:33:46 +0100
From: Jacques Beigbeder
To: FreeBSD Mailing List
Message-ID: <20050301163346.GA4159@trefle.ens.fr>
Subject: authpf on FreeBSD 5.3 : the answer

>> Kernel (the standard one, from CD distribution):
>> FreeBSD mybox.ens.fr 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004
>> root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>>
>> I fail to have authpf working on FreeBSD 5.3.
>> I setup a pf.conf file ending with:
>> anchor "authpf/*"
>> 'pfctl -sr' displays correctly:
>> [ ... ]
>> anchor authpf/* all
>> 'pfctl -a authpf -s rules' displays:
>> No rulesets in anchor 'authpf'.
>> I run an ssh on a client, and then 'pfctl -a authpf -s rules' displays:
>> (a poor rule just for test):
>> pass in quick on bge1 inet proto tcp from 1.2.3.4 to any

The answer: add 'keep state':

pass in quick on bge1 inet proto tcp from 1.2.3.4 to any keep state

-- 
Jacques Beigbeder | Jacques.Beigbeder@ens.fr
Service de Prestations Informatiques | http://www.spi.ens.fr
Ecole normale supérieure |
45 rue d'Ulm |Tel : (+33 1)1 44 32 37 96
F75230 Paris cedex 05 |Fax : (+33 1)1 44 32 20 75
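
Why the fix works, as an added illustration that is not part of the original message: the pf shipped with FreeBSD 5.3 creates a state entry only when a rule says 'keep state', so a bare 'pass in' rule never matches the replies leaving on bge1. The Python model below is a simplification, not pf's own code; it assumes a default-block policy (the rest of the ruleset is elided in the message) and uses constructed packets, where 10.0.0.5 and the port numbers are made up.

```python
# Added illustration, not pf source code: a toy filter that evaluates the
# rule from the message with and without 'keep state'.
from collections import namedtuple

Packet = namedtuple("Packet", "direction iface proto src sport dst dport")
Rule = namedtuple("Rule", "direction iface proto src keep_state")


class ToyFilter:
    """Default-block filter (assumed policy) with an optional state table."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    @staticmethod
    def _state_key(p):
        # Same key for both directions of one connection.
        return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

    def check(self, p):
        # An existing state is consulted before the ruleset.
        if self._state_key(p) in self.states:
            return "pass"
        for r in self.rules:
            wanted = (r.direction, r.iface, r.proto, r.src)
            if (p.direction, p.iface, p.proto, p.src) == wanted:
                if r.keep_state:
                    self.states.add(self._state_key(p))
                return "pass"
        return "block"  # nothing matched: assumed default policy


# Constructed packets: client 1.2.3.4 opens SSH to 10.0.0.5 (made-up host).
SYN = Packet("in", "bge1", "tcp", "1.2.3.4", 40000, "10.0.0.5", 22)
SYN_ACK = Packet("out", "bge1", "tcp", "10.0.0.5", 22, "1.2.3.4", 40000)
UNRELATED = Packet("out", "bge1", "tcp", "10.0.0.5", 22, "1.2.3.4", 40001)


def verdicts(keep_state):
    # pass in quick on bge1 inet proto tcp from 1.2.3.4 to any [keep state]
    fw = ToyFilter([Rule("in", "bge1", "tcp", "1.2.3.4", keep_state)])
    return [fw.check(p) for p in (SYN, SYN_ACK, UNRELATED)]


if __name__ == "__main__":
    print("without keep state:", verdicts(False))
    print("with keep state:   ", verdicts(True))
```

In the stateful run only the reply belonging to the tracked connection is let through; the outbound packet to a different client port is still blocked.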