[Bug 291981] authpf/pfctl DIOCBEGINADDRS: Operation not permitted
Date: Sat, 27 Dec 2025 16:45:20 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291981
Bug ID: 291981
Summary: authpf/pfctl DIOCBEGINADDRS: Operation not permitted
Product: Base System
Version: 15.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: freebsd@scd-systems.net
Hi,
My previously working authpf setup on FreeBSD 14.3 does not work anymore on
15.0-RELEASE.
Whenever the authpf user tries to log in to the machine by ssh, the console on
the client side reports:
pfctl: DIOCBEGINADDRS: Operation not permitted
Unable to modify filters
On the server (FreeBSD 15.0-RELEASE) it only reports in /var/log/messages:
authpf[3323]: pfctl exited abnormally
I tried a freshly installed FreeBSD 15.0 with a simple one-line rule and get the
same result. It seems the anchors cannot be loaded/read anymore.
The exact same procedure on 14.3 works as expected.
---
How to reproduce:
# Server
cat > /etc/pf.conf <<_EOF
nat-anchor "authpf/*"
rdr-anchor "authpf/*"
binat-anchor "authpf/*"
anchor "authpf/*"
_EOF
mkdir -p /etc/authpf/users/authpfuser1/
touch /etc/authpf/authpf.conf
mount -t fdescfs none /dev/fd
cat > /etc/authpf/users/authpfuser1/authpf.rules <<_EOF
nat pass on vtnet0 inet proto tcp from \$user_ip to any port 80 -> (vtnet0)
_EOF
kldload pf
pfctl -e -f /etc/pf.conf
pw user add authpfuser1 -s /usr/sbin/authpf -m -d /home/authpfuser1
passwd authpfuser1
# Client
ssh authpfuser1@server
---
Best Regards,
Chris