[pf4freebsd] Re: Using authpf

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 20:55:08 PDT 2004


On Sat, Oct 25, 2003 at 09:25:31AM +0200, novocaine at free.fr wrote:
 > Quoting Pyun YongHyeon <yongari at kt-is.co.kr>:
 > 
 > > BTW, I authenticated successfully but got the following errors from
 > > authpf (running on -CURRENT).
 > 
 > Thanks I had it working. It seems my authpf.rules was wrong. I also had to
 > create /var/authpf.
 > 
 > > 
 > > 
 > > Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
 > > Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration
 > > 1067063619 seconds
 > > Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6
 > > (Permission denied)

The above error was a false alarm. authpf works like a charm.
The unlink error message came from my incorrect install.
The authpf binary should have the authpf gid.

 > 
 > I have the same error; it seems harmless. Authpf is working as expected.
 > 
It's NOT harmless.
If you still see the above error message, your setup is not
correct or there might be another bug in authpf. Make sure
the authpf executable reads as follows.

db# ls -al /usr/sbin/authpf 
-r-sr-sr-x  1 root  authpf  125400 Oct 25 15:30 /usr/sbin/authpf

(Of course, if you installed authpf from the port, authpf will
reside in the /usr/local/sbin directory.)
And the directory /var/authpf should have mode '0770',
its uid should be 'root' and its gid should be 'authpf'.

Normally you should see the following messages in your
/var/log/authpf.

...
Oct 27 14:39:37 db authpf[529]: allowing 192.168.10.6, user pfuser
Oct 27 14:45:53 db authpf[529]: removed 192.168.10.6, user pfuser - duration 376 seconds

After authenticating yourself, you can see the rule set applied by authpf
with 'pfctl -a authpf -vvsr'.

 > Thanks again!
 >                           - Olivier
 > 

-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>

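As an added example (not part of the original post, and not authpf's own code), here is a small POSIX shell script that checks an authpf install the way the message above describes it: the binary must be setuid root and setgid authpf with no write bits (ls shows -r-sr-sr-x, owner root, group authpf), and /var/authpf must be mode 0770, owner root, group authpf, since authpf drops the per-client session files there and unlinks them on logout. The default paths are the base-system ones; the port's /usr/local/sbin/authpf can be passed as the first argument. The script assumes that `ls -ld` prints mode, link count, owner and group as its first four fields, which holds for FreeBSD and GNU ls; stat(1) is avoided because its flags differ between the two.

```shell
#!/bin/sh
# Added example: verify an authpf install (binary + state directory).
# Assumes POSIX ls -ld output: mode links owner group ...

# Print "mode owner group" for one path, or nothing if it does not exist.
ls_fields() {
    LC_ALL=C ls -ld "$1" 2>/dev/null | awk '{ print $1, $3, $4 }'
}

# check_perms PATH MODE OWNER GROUP
# Returns 0 when PATH has exactly the given ls mode string, owner and group;
# otherwise prints what differs and returns 1.
check_perms() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    set -- $(ls_fields "$path")
    if [ $# -lt 3 ]; then
        echo "MISSING:   $path does not exist"
        return 1
    fi
    mode=$1; owner=$2; group=$3
    # Some ls versions append + (ACL), @ (xattr) or . (SELinux) to the mode.
    mode=${mode%[+@.]}
    rc=0
    [ "$mode" = "$want_mode" ]   || { echo "BAD MODE:  $path is $mode, want $want_mode"; rc=1; }
    [ "$owner" = "$want_owner" ] || { echo "BAD OWNER: $path is $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "BAD GROUP: $path is $group, want $want_group"; rc=1; }
    return $rc
}

# check_authpf_install [BINARY] [STATEDIR]
# Defaults are the base-system locations from the message; the port installs
# the binary under /usr/local/sbin instead.
check_authpf_install() {
    bin=${1:-/usr/sbin/authpf}
    dir=${2:-/var/authpf}
    rc=0
    # setuid root + setgid authpf, readable/executable, never writable
    check_perms "$bin" "-r-sr-sr-x" root authpf || rc=1
    # 0770 root:authpf, so only root and group authpf can create or unlink
    # the per-client files authpf keeps there
    check_perms "$dir" "drwxrwx---" root authpf || rc=1
    [ $rc -eq 0 ] && echo "authpf install looks correct: $bin, $dir"
    return $rc
}

# When saved as check_authpf.sh and run directly, check the given (or
# default) paths; when sourced, only the functions are defined.
if [ "${0##*/}" = "check_authpf.sh" ]; then
    check_authpf_install "$@"
fi
```

Run it as root after installing authpf; a "BAD GROUP" line on the binary is exactly the mis-install that produced the "cannot unlink /var/authpf/... (Permission denied)" message quoted above, because without the authpf gid the unprivileged session cannot remove its own file from a 0770 root:authpf directory.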