Hey, so I got my wi card to work... Now I am trying authpf rules. I think they are correct.
But when I change the user's shell to /usr/sbin/authpf and try to connect with ssh,
I get immediately disconnected from the authpf server. My wifi connection is still there though.


Here are my files

/etc/pf.conf

# macros
int_if = "fxp0"
ext_if = "xl0"
wi_if = "wi0"
gateway = "192.168.0.1"
# The two macros below are referenced further down but were missing from the
# posted file; pfctl refuses to load a ruleset that uses an undefined macro.
# Values are assumed (RFC 1918 ranges plus loopback, and the ssh port); adjust.
priv_nets = "{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
tcp_services = "{ ssh }"
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat-anchor authpf
block log all
pass quick on lo0 all

block drop in  log quick on $ext_if from $priv_nets to any
block drop out log quick on $ext_if from any to $priv_nets

pass in log on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SAFR keep state

#int if
pass in log on $int_if from $int_if:network to any keep state
pass out log on $int_if from any to $int_if:network keep state

#ext if
pass out log on $ext_if proto tcp all modulate state flags S/SAFR
pass out log on $ext_if proto { udp, icmp } all keep state

#wifi
#----------------------------
#-- Lock down WiFi network --
#----------------------------
# Default to: block all traffic on wireless interface
block on $wi_if all

# We have to allow ssh to the gateway machine
pass in quick on $wi_if proto tcp from any to $wi_if port = ssh keep state

# DNS so we can resolve its hostname
pass in quick on $wi_if proto udp from any to $wi_if port = domain

# Allow machines on LAN to talk to (un-authenticated) ones on wireless network
pass out quick on $wi_if proto { tcp udp icmp } from any to $wi_if:network \
keep state


# AuthPF anchor (dynamic rules will be 'anchored' here)
anchor authpf

/etc/authpf/authpf.rules

# Wireless interface (802.11b)
wi_if="wi0"

# Let authenticated WiFi clients do pretty much anything.
pass in quick on $wi_if proto { tcp udp icmp } from $user_ip to any keep state


/etc/authpf/authpf.message

test test tes

Furthermore, I feel there may be something wrong with my config because I do not see this message.
Yes, I just contradicted myself. lol.. oh yeah, I kinda stole this rule set off of Google.... the ones from the
authpf man page did the same thing....


I think that's it... let me know if you need something else.

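The pf.conf above references $priv_nets and $tcp_services without ever defining them, which is the kind of thing pfctl rejects before any rule is loaded. The script below is an added example, not code from the original message or from OpenBSD: a small POSIX sh lint that reports macros a pf.conf-style file uses but never defines, and checks that the `nat-anchor authpf` and `anchor authpf` lines the posted configuration relies on are present. It works on a constructed sample modelled on the posted files; the macro authpf supplies at runtime (`user_ip`) is passed in as a known name so authpf.rules can be checked too. `grep -o` is assumed to be available (GNU and BSD grep both have it).

```shell
#!/bin/sh
# Added example, not part of the original post: lint a pf.conf-style file for
# macros that are used ($name) but never defined (name = "..."), and for the
# anchor lines authpf hooks into. Assumes a userland with sed, awk, grep -o.

# pf treats everything after '#' on a line as a comment.
pf_strip_comments() {
    sed 's/#.*//' "$1"
}

# pf_undefined_macros CONF [KNOWN...]
# Prints, one per line, every $macro referenced in CONF that is neither
# defined in CONF nor listed as KNOWN (e.g. user_ip, which authpf sets).
# Returns 0 when every macro resolves, 1 otherwise.
pf_undefined_macros() {
    conf="$1"; shift
    defined=$(pf_strip_comments "$conf" |
        awk '/^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=/ {
                 sub(/=.*/, ""); gsub(/[[:space:]]/, ""); print }')
    for k in "$@"; do defined="$defined
$k"; done
    used=$(pf_strip_comments "$conf" |
        grep -o '\$[A-Za-z_][A-Za-z0-9_]*' | tr -d '$' | sort -u)
    rc=0
    for m in $used; do
        if ! printf '%s\n' "$defined" | grep -qx "$m"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# pf_has_anchor CONF KIND
# KIND is "anchor" or "nat-anchor" (rdr-anchor/binat-anchor work the same way).
# Accepts both the old `anchor authpf` and the newer `anchor "authpf/*"` form.
pf_has_anchor() {
    pf_strip_comments "$1" | grep -Eq "^[[:space:]]*$2[[:space:]]+\"?authpf"
}

# pf_lint CONF [KNOWN...]: run both checks, print findings, return 1 on any.
pf_lint() {
    conf="$1"; shift
    problems=0
    for m in $(pf_undefined_macros "$conf" "$@"); do
        echo "$conf: macro \$$m is used but never defined"
        problems=$((problems + 1))
    done
    for kind in nat-anchor anchor; do
        if ! pf_has_anchor "$conf" "$kind"; then
            echo "$conf: no '$kind authpf' line; authpf cannot load its rules here"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample, modelled on the posted pf.conf: it references
# $priv_nets and $tcp_services without defining them.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# macros
int_if = "fxp0"
ext_if = "xl0"
wi_if = "wi0"
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat-anchor authpf
block log all
block drop in log quick on $ext_if from $priv_nets to any
pass in log on $ext_if inet proto tcp from any to ($ext_if) \
  port $tcp_services flags S/SAFR keep state
block on $wi_if all
pass in quick on $wi_if proto tcp from any to $wi_if port = ssh keep state
anchor authpf
EOF

# Constructed sample modelled on the posted authpf.rules; $user_ip is not
# defined in the file because authpf substitutes it per session.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
wi_if="wi0"
pass in quick on $wi_if proto { tcp udp icmp } from $user_ip to any keep state
EOF

pf_lint "$SAMPLE_CONF" || echo "fix the findings above before 'pfctl -f /etc/pf.conf'"
pf_undefined_macros "$SAMPLE_RULES" user_ip >/dev/null && echo "authpf.rules: all macros resolve"
```

Run it against the real files with `pf_lint /etc/pf.conf` and `pf_undefined_macros /etc/authpf/authpf.rules user_ip user_id`; the lint is deliberately conservative and only looks at macro names and anchor lines, so a clean result still has to be followed by `pfctl -nf /etc/pf.conf` for a full syntax check.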



