[pf4freebsd] Re: Authenticating gateway
max at love2party.net
Wed Sep 15 20:52:07 PDT 2004
Monday, September 29, 2003, 4:09:17 PM, you wrote:
TD> is there an easy-to-implement way to have the gateway authenticate
TD> each outbound connection? Somewhat like authpf, but
TD> 1. authenticate to gateway
TD> 2. gateway adds rule
TD> 3. one (1) outbound connection
TD> 4. gateway removes the rule, but keeps the state entries
Hmmm ... sounds a bit obscure to me. How would you make sure that the
same user does not re-authenticate and open another connection?
I'd go for the following approach:
2. Add a rule with "(max 1)" (see the "STATEFUL TRACKING OPTIONS"
section of pf.conf(5)). This way you can make sure that you really
get one connection per user.
3. One outbound connection at a time ... that's not 100% what you asked
4. No need to remove the rule, as the user can't create more than one
I hope this matches your needs.
Max mailto:max at love2party.net
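
A sketch of the "(max 1)" approach from the reply above, as an added example that is not part of the original message. It assumes the rule is loaded per user by authpf, uses current pf.conf syntax, and the interface names are hypothetical.

```conf
# ---- /etc/pf.conf (fragment, constructed example) ----
int_if = "em1"   # hypothetical internal interface facing the clients
ext_if = "em0"   # hypothetical external interface

# Default deny for clients that have not authenticated.
block in on $int_if all

# authpf loads each logged-in user's rules into a sub-anchor here.
anchor "authpf/*"

# Forwarded traffic that was admitted on $int_if may leave the gateway.
pass out on $ext_if inet proto tcp all flags S/SA keep state

# ---- /etc/authpf/authpf.rules (constructed example) ----
# authpf defines $user_ip and $user_id when it loads this file after a
# successful SSH login. Macros from pf.conf are not visible here, so the
# interface is defined again.
int_if = "em1"

# "max 1" caps the number of concurrent states this rule may create.
# While one state exists, further connection attempts from $user_ip are
# not passed by this rule and fall through to the block rule above.
pass in on $int_if inet proto tcp from $user_ip to any \
    flags S/SA keep state (max 1)
```

The limit counts state entries, so a closed connection still occupies the slot until its state times out. Running `pfctl -a "authpf/*" -sr` on the gateway lists the rules currently loaded for authenticated users.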