Hello everyone, I'm trying to come up with a solution for the following scenario, and its answer still eludes me...
An user sets up an SSH connection (using flags -N -D) with dynamic forwarding enabled (for web surfing, git, messenger, etc), to an OpenBSD machine. That machine runs PF and traffic queueing. Is there a way to shape/queue traffic for that user, based on that user id (for example, using authpf-noip)? Since port forwarding has to be disabled in the SSH daemon, in order to prevent users from circumventing authpf, is there a way to still have the dynamic forwarding behaviour using only PF rules loaded by authpf-noip for that user? Any insight on the matter is welcomed =)
