Setting up a quick test network. User authme with authpf shell. Empty authpf.conf file. authpf.rules has only one rule:

    block in quick on sis0 proto tcp from $user_ip to 10.0.0.1 port 8888

pf.conf includes:

    table <authpf_users> persist
    anchor "authpf/*"

Let's try it. (Irrelevant lines and info deleted.)

    remote:~$ nmap -p 8888 10.0.0.1
    PORT     STATE
    8888/tcp closed
    remote:~$ ssh -l authme 10.0.0.1
    [EMAIL PROTECTED]'s password:
    Hello authme. You are authenticated from host "10.0.0.10"
    remote:~$ nmap -p 8888 10.0.0.1
    PORT     STATE
    8888/tcp filtered

Looks good. Checking it out at the other end:

    firewall:~# pfctl -t authpf_users -T show
       10.0.0.10
    firewall:~# pfctl -a "authpf/authme(1234)" -s rules
    block drop in quick on sis0 inet proto tcp from 10.0.0.10 to 10.0.0.1 port = 8888

But the following, direct from the pfctl man page, don't work:

    firewall:~# man pfctl
         By default, recursive inline printing of anchors applies only to unnamed
         anchors specified inline in the ruleset.  If the anchor name is terminated
         with a `*' character, the -s flag will recursively print all anchors in a
         brace delimited block.  For example the following will print the
         ``authpf'' ruleset recursively:

               # pfctl -a 'authpf/*' -sr

    firewall:~# pfctl -a 'authpf/*' -sr
    firewall:~#

Nothing.

    firewall:~# man pfctl
         To print the main ruleset recursively, specify only `*' as the anchor
         name:

               # pfctl -a '*' -sr

    firewall:~# pfctl -a '*' -sr
    anchor "*" all {
    pfctl: DIOCGETRULES: Invalid argument
    }

Am I misreading the man page in assuming that both of these commands should return the block line that the authme login set up, or is something else going on?

--
Jeff Simmons [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
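For readers unfamiliar with how the pieces above fit together, here is a complete minimal pf.conf and authpf.rules pair showing the authpf anchor and the authpf_users table in context. This is an added illustration, not the poster's configuration: the interface name sis0 and the addresses are carried over from the post, while the default-deny rule, the ssh pass rule and the per-user pass rule (used here instead of the poster's block rule, since granting access after authentication is the usual role of authpf) are assumptions.

```pf
# /etc/pf.conf (added example; sis0 and 10.0.0.1 taken from the post)
ext_if = "sis0"
fw_ip  = "10.0.0.1"

# authpf(8) inserts the address of each authenticated user into this
# table at login and removes it when the ssh session ends, so the
# table must persist even when it is empty.
table <authpf_users> persist

# Default stance: nothing reaches the firewall until a user has
# authenticated through authpf.
block in on $ext_if

# The one service an unauthenticated host may use is the ssh login
# whose shell is authpf.
pass in on $ext_if proto tcp from any to $fw_ip port ssh

# Rules loaded by authpf for each session are attached beneath this
# anchor as authpf/<user>(<pid>); "authpf/*" evaluates every child.
# The per-session rules can be listed with
#   pfctl -a "authpf/<user>(<pid>)" -s rules
# as shown in the post.
anchor "authpf/*"

# /etc/authpf/authpf.rules (added example)
# Only $user_ip and $user_id are defined here; macros from pf.conf
# are not visible in this file, so interface and address are literal.
pass in quick on sis0 proto tcp from $user_ip to 10.0.0.1 port 8888
```

Because the anchor rule is evaluated in place, the per-user rules take effect only while the user's authpf session is alive; once the ssh session ends, authpf removes both the anchor's rules and the table entry, and the default block rule applies again.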