Date:      Thu, 16 Sep 2004 03:55:13 -0000
From:      novocaine@free.fr
To:        pf4freebsd@freelists.org
Subject:   [pf4freebsd] Re: Using authpf
Message-ID:  <1067282506.3f9d704ae064e@imp3-a.free.fr>
In-Reply-To: <20031027055730.GA1026@kt-is.co.kr>
References:  <1067009522.3f9945f26f90e@imp1-a.free.fr> <20031025065139.GA7332@kt-is.co.kr> <1067066731.3f9a256b0baf7@imp1-l.free.fr> <20031027055730.GA1026@kt-is.co.kr>

Quoting Pyun YongHyeon <yongari@kt-is.co.kr>:


>  > > Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
>  > > Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
>  > > Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)
>
> The above error was false alarm. authpf works like a charm.
> The unlink error message came from my incorrect install.
> authpf binary should have authpf gid.

I had the same problem. authpf was in the wheel group. Now that it is corrected,
I don't have the unlink error anymore.

> If you still see the above error message, your setup is not
> correct or there might be another bug in authpf. Make sure
> the authpf executable reads as follows.
>
> db# ls -al /usr/sbin/authpf
> -r-sr-sr-x  1 root  authpf  125400 Oct 25 15:30 /usr/sbin/authpf

You were right!

>
> (Of course, if you installed authpf from port, authpf will
> reside in /usr/local/sbin directory.)
> And directory /var/authpf should have a mode '0770',
> its uid should be 'root' and its gid should be 'authpf'.

I installed authpf from ports.

>
> Normally you should see the following messages in your
> /var/log/authpf.
>
> ...


Got:

Oct 27 20:16:56 banquo authpf[38763]: allowing xxxxxxxxxx, user gatekeeper
Oct 27 20:17:08 banquo authpf[38763]: removed xxxxxxxxx, user gatekeeper - duration 12 seconds

no more error.

>
> After authenticating yourself, you can see applied rule set by authpf
> with 'pfctl -a authpf -vvsr'.

Yes it works as expected.

Thanks,


                          - Olivier
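
The permission requirements quoted in this message (set-id binary `-r-sr-sr-x` owned by root:authpf, `/var/authpf` at mode 0770 owned by root:authpf) can be checked with a short script. This is an added example, not part of the original e-mail or of authpf; the function names `check_perm` and `check_authpf_install` are hypothetical.

```shell
#!/bin/sh
# Added example: verify the authpf install permissions described in this thread.
# Expected values come from the message: binary -r-sr-sr-x root:authpf,
# /var/authpf mode 0770 (drwxrwx---) root:authpf.

# check_perm PATH MODE OWNER GROUP
# Compares the ls -ld mode string, owner and group of PATH with the expected
# values. Returns 0 on match, 1 on mismatch, 2 if PATH cannot be examined.
check_perm() {
    cp_path=$1; cp_mode=$2; cp_owner=$3; cp_group=$4
    # ls -ld instead of stat(1): stat's format flags differ between BSD and GNU.
    cp_line=$(ls -ld "$cp_path" 2>/dev/null) || {
        echo "MISSING  $cp_path"
        return 2
    }
    # Keep the first 10 characters of the mode so a trailing ACL/MAC marker
    # ('+', '.', '@') does not cause a false mismatch.
    cp_got=$(printf '%s\n' "$cp_line" | awk '{ print substr($1, 1, 10), $3, $4 }')
    cp_want="$cp_mode $cp_owner $cp_group"
    if [ "$cp_got" = "$cp_want" ]; then
        echo "OK       $cp_path ($cp_got)"
        return 0
    fi
    echo "MISMATCH $cp_path: got '$cp_got', want '$cp_want'"
    return 1
}

# check_authpf_install [BINARY] [STATE_DIR]
# Defaults assume a ports install (/usr/local/sbin); pass /usr/sbin/authpf
# for a base-system install. Returns the number of failed checks.
check_authpf_install() {
    ai_bin=${1:-/usr/local/sbin/authpf}
    ai_dir=${2:-/var/authpf}
    ai_fail=0
    check_perm "$ai_bin" "-r-sr-sr-x" root authpf || ai_fail=$((ai_fail + 1))
    check_perm "$ai_dir" "drwxrwx---" root authpf || ai_fail=$((ai_fail + 1))
    return "$ai_fail"
}

# Usage (as a user who can read both paths): check_authpf_install
```

A binary whose group is wheel rather than authpf, the misinstall reported in this thread, shows up as a MISMATCH line on the first check.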



