Date: Thu, 16 Sep 2004 03:52:07 -0000
From: Max Laier <max@love2party.net>
To: Tom Danielsen <tom@mnemonic.no>
Cc: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Authenticating gateway
Message-ID: <177168532476.20030929163728@love2party.net>
In-Reply-To: <20030929140917.GL22669@mnemonic.no>
References: <20030929140917.GL22669@mnemonic.no>

Hello Tom,

Monday, September 29, 2003, 4:09:17 PM, you wrote:

TD> is there an easy-to-implement way to have the gateway authenticate
TD> each outbound connection? Somewhat like authpf, but

TD> 1. authenticate to gateway
TD> 2. gateway adds rule
TD> 3. one (1) outbound connection
TD> 4. gateway removes the rule, but keeps the state entries

Hmmm ... sounds a bit obscure to me. How would you make sure that the same
user does not re-authenticate and open another connection? I'd go for the
following approach:

1. Authenticate
2. Add a rule with "(max 1)" (see the "STATEFUL TRACKING OPTIONS" section
   of pf.conf(5)). This way you can make sure that you really get one
   connection per user.
3. One outbound connection at a time ... that's not 100% what you asked
   for, though.
4. No need to remove the rule, as the user can't create more than one
   connection.

I hope this matches your needs.

-- 
Best regards,
 Max                            mailto:max@love2party.net
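
The rule from step 2 of the reply, sketched as an authpf rules file. This is an added example, not part of the original message: `$user_ip` is the macro authpf sets for the authenticated host, while the interface name `em1` and the default-block main ruleset it relies on are assumptions.

```pf
# authpf.rules -- constructed example, loaded by authpf once per authenticated user.
# Assumed: the main pf.conf blocks by default on the internal interface,
# contains the authpf anchor, and passes forwarded traffic out on the
# external interface.

int_if = "em1"    # assumed name of the internal (client-facing) interface

# Unlimited variant, shown for comparison and left commented out:
# the authenticated host may open any number of TCP connections.
# pass in quick on $int_if inet proto tcp from $user_ip to any \
#     flags S/SA keep state

# Limited variant: this rule may hold at most one state at a time, so the
# authenticated host gets a single concurrent TCP connection through the
# gateway. A second SYN cannot create state under this rule and must be
# caught by the default block policy of the main ruleset.
pass in quick on $int_if inet proto tcp from $user_ip to any \
    flags S/SA keep state (max 1)
```

The slot is released only when the state entry expires, so after a connection closes the host has to wait out the `tcp.finwait` or `tcp.closed` timeout before the rule admits a new one. Because the limit is counted per rule, any broader pass rule that also matches the host's traffic would let additional connections through.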