On 13 October 2009 c. 18:53:07 BARDOU Pierre wrote:
> Hello,
>
> I'd need a new functionality in authpf
>
> It would be nice to do group based rules instead of user based rules.
>
> I made this using a script used as shell for the user, which lists the
> groups of the user, and adds them to a table named like the group using
> pfctl and sudo.
>
> I can give it to you if you are interested.
>
> But I think it would be better to include this in authPF, and by the
> way it doesn't seem too difficult.
>
> Unfortunately, I don't know how to make this in C. Someone interested
> in doing this ?

Ignoring the fact that it's better for you to prepare money (or some
equivalent) to hire someone to do that work. You need it, then either
you implement it, or pay for it. For example, you could donate some
hardware OpenBSD needs - see www.openbsd.org/want.html .

Now, for the request itself, you should clarify the exact behavior you want:

- Should the rules be loaded only once, or every time the user logs in? (The
  real fun part here is the detach policy)
- Maybe it's simpler to have a /etc/authpf/groups/$GROUP/ directory with
  authpf.rules in it, and make /etc/authpf/users/$USER/authpf.rules be a
  soft link or contain an "include" statement? The latter allows you very,
  very much flexibility.
- Maybe more, I do not want to spend more time that I would better have spent
  polishing my own patches.

--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
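
The "include" layout suggested in the reply, sketched as an added example that is not code from the thread or from authpf: it writes /etc/authpf/users/$USER/authpf.rules with one include line per group that has /etc/authpf/groups/$GROUP/authpf.rules. The names `AUTHPF_DIR`, `valid_name` and `gen_user_rules` are hypothetical, and the example assumes, as the reply does, that the per-user rules file may contain "include" statements.

```sh
#!/bin/sh
# Added example (not from the thread). AUTHPF_DIR and both function names are
# hypothetical; /etc/authpf is the base path used in the message.
AUTHPF_DIR="${AUTHPF_DIR:-/etc/authpf}"

# Accept only plain names, so a user or group name cannot escape the tree.
valid_name() {
    case $1 in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# gen_user_rules USER [GROUP...]
# Writes users/USER/authpf.rules with one include line per group that has a
# rules file. With no groups given, they are read from id(1).
# Returns 0 on success, 1 on error, 2 if no group rules applied.
gen_user_rules() {
    user=$1; shift
    valid_name "$user" || return 1
    if [ $# -eq 0 ]; then
        grouplist=$(id -Gn "$user") || return 1
        set -- $grouplist
    fi
    userdir="$AUTHPF_DIR/users/$user"
    mkdir -p "$userdir" || return 1
    tmp=$(mktemp "$userdir/authpf.rules.XXXXXX") || return 1
    count=0
    for g in "$@"; do
        valid_name "$g" || continue
        rules="$AUTHPF_DIR/groups/$g/authpf.rules"
        # Skip groups without rules, and anything that is not a regular file.
        [ -f "$rules" ] && [ ! -L "$rules" ] || continue
        printf 'include "%s"\n' "$rules" >> "$tmp"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        # No group applies: drop the generated file so stale includes
        # from an earlier group membership do not linger.
        rm -f "$tmp" "$userdir/authpf.rules"
        return 2
    fi
    # Replace the old file in one step so a login never reads a partial file.
    chmod 0644 "$tmp" && mv -f "$tmp" "$userdir/authpf.rules"
}
```

Unlike a soft link, which can point at only one group's file, the generated file covers a user who belongs to several groups. Set `AUTHPF_DIR` to a scratch directory to try it without touching /etc/authpf.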