[pf4freebsd] Re: Authenticating gateway

Max Laier max at love2party.net
Wed Sep 15 20:52:07 PDT 2004


Hello Tom,

Monday, September 29, 2003, 4:09:17 PM, you wrote:
TD> is there an easy-to-implement way to have the gateway authenticate
TD> each outbound connection?  Somewhat like authpf, but
TD>     1. authenticate to gateway
TD>     2. gateway adds rule
TD>     3. one (1) outbound connection
TD>     4. gateway removes the rule, but keeps the state entries

Hmmm ... sounds a bit obscure to me. How would you make sure that the
same user does not re-authenticate and open another connection?

I'd go for the following approach:
1. Authenticate
2. Add a rule with "(max 1)" (see the "STATEFUL TRACKING OPTIONS"
   section of pf.conf(5)). This way you can make sure that you really
   get one connection per user.
3. One outbound connection at a time ... that's not 100% what you asked
   for, though.
4. No need to remove the rule, as the user can't create more than one
   connection.

I hope this matches your needs.

-- 
Best regards,
 Max                            mailto:max at love2party.net
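
The rule from step 2 of the reply above, written out as an added example that is not part of the original message. It assumes authpf performs the authentication step and loads this file for each user; `int_if` and its value are hypothetical.

```pf
# Added example (not from the original message): per-user rules file
# loaded by authpf after a successful login.
# int_if is a hypothetical macro naming the gateway's inside interface.
int_if = "fxp1"

# $user_ip is supplied by authpf: the address the user logged in from.
# "(max 1)" caps the number of concurrent states this rule may create,
# so the authenticated host gets one TCP connection through the gateway
# at a time. The rule stays loaded for the whole authpf session.
pass in quick on $int_if proto tcp from $user_ip to any \
    flags S/SA keep state (max 1)
```

The state entry stays in the table until it expires, so a second connection can be refused for a short while after the first one closes.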




