Date: Mon, 13 Apr 2009 23:21:51 +0200
From: "Olli Hauer" <ohauer@gmx.de>
To: "Sebastian Tymków" <sebastian.tymkow@gmail.com>, freebsd-pf@freebsd.org
Subject: Re: Authpf -remove only anchor
Message-ID: <20090413212151.241590@gmx.net>
In-Reply-To: <692660060904131327n6b7c0659u2888c24a3d538fac@mail.gmail.com>
References: <692660060904131327n6b7c0659u2888c24a3d538fac@mail.gmail.com>
> Hi,
>
> I wonder if there is any patch which allows me to delete only anchor rules
> for authpf.
> Authpf usually closes all connections including ssh. I did some
> modifications which allow me to use authpf as a normal program (executing
> from shell), but this closes all my connections at the end.
>
> Best regards,
>
> Sebastian Tymkow

No, but you can look into the function authpf_kill_states in file src/contrib/pf/authpf/authpf.c.

My question is: what exactly do you use authpf for?

I use a modified authpf shell inside a chrooted cvs server to terminate only the ssh session and allow a tunnel to the pserver port. This way I can provide secure access to the cvs service to non-existent system users. Access to pserver is provided via sshd_config.

It is even a good benefit to lower connections from the scrappy Tortoise and Eclipse, which try to fork many sessions for just an update/commit.

Best Regards,
olli
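
Added example, not part of the original message and not the poster's actual configuration: one way an sshd_config can limit an account to a single tunnel to the pserver port, as the reply describes. The group name `cvstunnel`, the loopback listener and port 2401 (the default CVS pserver port) are assumptions, and `AllowTcpForwarding local` requires OpenSSH 6.2 or later.

```conf
# sshd_config fragment (constructed example; "cvstunnel" is a hypothetical group).
# Global default: no forwarding for anyone.
AllowTcpForwarding no
X11Forwarding no

# Members of cvstunnel get exactly one capability: a client-initiated
# (ssh -L) forward to the pserver listening on loopback.
Match Group cvstunnel
    # "local" permits -L forwards only. A plain "yes" would also permit
    # remote (-R) forwards, which PermitOpen does not restrict.
    AllowTcpForwarding local
    # Any forward destination other than this host:port is refused.
    PermitOpen 127.0.0.1:2401
    # Switch off the other channel types explicitly.
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no
```

`sshd -t` checks the file for syntax errors before the daemon is reloaded. With this in place the CVS client reaches pserver through something like `ssh -L 2401:127.0.0.1:2401`, and a forward request to any other destination is rejected by sshd.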