[pf4freebsd] Re: Using authpf
novocaine at free.fr
Wed Sep 15 20:55:13 PDT 2004
Quoting Pyun YongHyeon <yongari at kt-is.co.kr>:
> > > Oct 25 15:33:39 db authpf[693]: DIOCCOMMITRULES Invalid argument
> > > Oct 25 15:33:39 db authpf[693]: removed 192.168.10.6, user pfuser - duration 1067063619 seconds
> > > Oct 25 15:33:39 db authpf[693]: cannot unlink /var/authpf/192.168.10.6 (Permission denied)
>
> The above error was a false alarm. authpf works like a charm.
> The unlink error message came from my incorrect install.
> The authpf binary should have the authpf gid.
I had the same problem. authpf was in the wheel group. Now that it is corrected,
I don't have the unlink error anymore.
> If you still see the above error message, your setup is not
> correct or there might be another bug in authpf. Make sure
> the authpf executable reads as follows.
>
> db# ls -al /usr/sbin/authpf
> -r-sr-sr-x 1 root authpf 125400 Oct 25 15:30 /usr/sbin/authpf
You were right!
>
> (Of course, if you installed authpf from port, authpf will
> reside in /usr/local/sbin directory.)
> And directory /var/authpf should have a mode '0770',
> its uid should be 'root' and its gid should be 'authpf'.
I installed authpf from ports.
>
> Normally you should see the following messages in your
> /var/log/authpf.
>
> ...
Got:
Oct 27 20:16:56 banquo authpf[38763]: allowing xxxxxxxxxx, user gatekeeper
Oct 27 20:17:08 banquo authpf[38763]: removed xxxxxxxxx, user gatekeeper - duration 12 seconds
No more errors.
>
> After authenticating yourself, you can see the rule set applied by authpf
> with 'pfctl -a authpf -vvsr'.
Yes it works as expected.
Thanks,
- Olivier
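
The ownership and mode requirements quoted in this thread (binary `-r-sr-sr-x root authpf`, `/var/authpf` mode 0770 `root:authpf`) can be verified with a small script. This is an added example, not part of the original messages or of authpf itself; the function names `check_perm` and `audit_authpf` are hypothetical.

```sh
#!/bin/sh
# check_perm PATH MODE OWNER GROUP
# Compares the `ls -ld` mode string, owner and group of PATH with the
# expected values. Returns 0 on match, 1 on mismatch, 2 if PATH is missing.
check_perm() {
    p=$1; want="$2 $3 $4"
    if [ ! -e "$p" ]; then
        echo "MISSING $p"
        return 2
    fi
    # ls -ld prints: mode links owner group ...
    # Keep only the 10 mode characters so a trailing ACL/label marker
    # (+, ., @) does not cause a false mismatch.
    got=$(ls -ld "$p" | awk '{print substr($1,1,10) " " $3 " " $4}')
    if [ "$got" = "$want" ]; then
        echo "OK      $p ($got)"
        return 0
    fi
    echo "BAD     $p: have '$got', want '$want'"
    return 1
}

# audit_authpf [BINARY] [STATE_DIR]
# Checks the two items named in the thread. A binary in the wrong group
# (e.g. wheel) is what produced the "cannot unlink ... (Permission denied)"
# log line above.
audit_authpf() {
    bin=${1:-/usr/sbin/authpf}    # /usr/local/sbin/authpf when built from ports
    dir=${2:-/var/authpf}
    rc=0
    check_perm "$bin" "-r-sr-sr-x" root authpf || rc=1
    check_perm "$dir" "drwxrwx---" root authpf || rc=1
    return $rc
}

# Usage (ports install): audit_authpf /usr/local/sbin/authpf /var/authpf
```
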