Taisto Qvist wrote:
Hi Folks,

I am having the extremely annoying, and probably simple problem of not
being able to list the rules in my authpf anchors, and it's close to
keeping me up all night.

I had this issue when I configured this the first time, but I just can't
remember what kind of simple syntax problem I have, if that's what it is.

The system I have this problem on is a 3.9, just updated from 3.8, and
most config is simply moved, and I might have missed some changes?

First off, I thought that doing "pfctl -sA" would actually list ALL
the underlying anchors for authpf/*, including the active users,
currently logged in, but all I ever get is "authpf".

It would help if it was possible to just simply list all the underlying
anchors underneath authpf/, but that doesn't seem possible??

Any help extremely appreciated!

-----------------
[EMAIL PROTECTED] /etc/authpf/users/cadq ># ps ax | grep cadq
10910 p6  Is+     0:00.01 -authpf: [EMAIL PROTECTED] (authpf)
[EMAIL PROTECTED] /etc/authpf/users/cadq ># dl | grep cadq
Oct 11 00:58:25 vpngw authpf[10910]: allowing IP.IP.IP.IP, user cadq
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -sA
  authpf
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a authpf -sA
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a authpf -sA -s r
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a "authpf/cadq(10910)" -sA
Anchor 'authpf/cadq(10910)' not found.
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a "authpf/cadq(10910) -sA -s r
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a "authpf/cadq(10910)" -sA -s r
pfctl: DIOCGETRULES: Invalid argument
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a 'authpf/cadq(10910)' -sA -s r
pfctl: DIOCGETRULES: Invalid argument
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a 'authpf/cadq(10910)' -s r
pfctl: DIOCGETRULES: Invalid argument
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a 'authpf/cadq' -s r
pfctl: DIOCGETRULES: Invalid argument
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -a "authpf/cadq" -s r
pfctl: DIOCGETRULES: Invalid argument
[EMAIL PROTECTED] /etc/authpf/users/cadq ># pfctl -s r | grep anchor
anchor "authpf/*" all
------------------
Regards
Taisto Qvist
IP-Solutions.se


On reasonably -current:

[EMAIL PROTECTED]:44]$ sudo pfctl -s Anchors -a 'authpf' -v
  authpf/ottoauthpf(23035)
[EMAIL PROTECTED]:45]$ sudo pfctl -s rules  -a 'authpf/ottoauthpf(23035)'
pass in quick on fxp0 inet proto tcp from 10.0.1.99 to any keep state
pass in quick on fxp0 inet proto udp from 10.0.1.99 to any keep state
pass in quick on fxp0 inet proto icmp from 10.0.1.99 to any keep state

        -Otto
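
Otto's two commands combined into one pass over every authpf sub-anchor, as an added example that is not part of the thread. The function names, the `--live` switch and the sample input are assumptions made here; the anchor format `authpf/user(pid)` is the one shown in the output above, and the liveness check on the pid is an extra audit step.

```shell
#!/bin/sh
# Added example, not from the thread: list each authpf sub-anchor with its rules.

# Read `pfctl -a authpf -v -s Anchors` output on stdin and print
# "user pid anchor" for every line shaped like authpf/user(pid).
# Lines that do not match (for instance a bare "authpf") are dropped.
parse_authpf_anchors() {
    sed -n 's|^[[:space:]]*\(authpf/\([^/()]*\)(\([0-9][0-9]*\))\)[[:space:]]*$|\2 \3 \1|p'
}

# Live audit; needs root and a running pf. The anchor name is always passed
# quoted because its parentheses are shell metacharacters.
audit_authpf() {
    pfctl -a authpf -v -s Anchors | parse_authpf_anchors |
    while read -r user pid anchor; do
        # The pid in the anchor name is the authpf process for that login;
        # flag anchors whose process no longer exists.
        if kill -0 "$pid" 2>/dev/null; then state=alive; else state=STALE; fi
        printf '== %s (user %s, pid %s, %s)\n' "$anchor" "$user" "$pid" "$state"
        pfctl -a "$anchor" -s rules
    done
}

# Constructed sample in the format of the listing above, for offline use.
sample_anchors() {
    printf '  authpf/ottoauthpf(23035)\n  authpf/cadq(10910)\n  authpf\n'
}

# Only touch pf when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    audit_authpf
fi
```

Run it as root with `--live` on the gateway; without arguments it only defines the functions.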
