Date: Fri, 26 May 2006 17:40:12 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Peter =?iso-8859-1?Q?Ankerst=E5l?= <peter@pean.org> Cc: freebsd-pf@freebsd.org Subject: Re: authpf. Message-ID: <20060526154012.GT11262@insomnia.benzedrine.cx> In-Reply-To: <44771631.6050901@pean.org> References: <44771631.6050901@pean.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 26, 2006 at 04:52:33PM +0200, Peter Ankerstål wrote: > I am using authpf for my wifi-network. But I want to redirect all of the > http-traffic to a webserver to show a "error message" when not > authenticated via authpf. But how to "remove" this rule when I > authenticate? As far as I know authpf just adds rules to the ruleset. Ah, sometimes more is less :) Assume you have a generic redirection like rdr on $int_if proto tcp to port 80 -> 127.0.0.1 8088 where 127.0.0.1:8088 is the web server with the error page, you can get a particular client not redirected by adding a rule in front of it, like no rdr on $int_if proto tcp from 10.1.2.3 to port 80 It has to be added in front because the first matching translation rule wins (unlike filter rules). I.e. place the rdr-anchor before the generic redirect, and add a 'no rdr' with authpf. Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060526154012.GT11262>