Re: authpf working p2
Just another small change in the authpf man page; the statement
'port' must be outside the {}.
rudog@primenet.com
'If you're not living on the edge, then you're taking up too much space'
On Sun, 23 Jun 2002, Rudolfo Munguia wrote:
> Hello again,
>
> First, thanks to Chris Kuethe for pointing out that the ExtInt needed to
> be declared inside the authpf.rules file and also for sending me an
> example of a working rule that contradicted the authpf man page:
>
> from authpf man page:
>
> pass in quick log on $internal_if proto tcp from $user_ip/32 to any \
> { port 21, 22, 80, 443 } flags S/SA
>
> from Chris Kuethe example:
>
> pass in log quick proto tcp from $user_ip to any flags S/SA keep state
>
> The key here being that the 'log' statement must come before 'quick' in
> order for authpf not to barf. This is shown correctly in the pf.conf man
> page as "block in log quick....", however I didn't notice this subtle flaw
> in the authpf man page until I received the example shown above.
>
> Second, could somebody PLEASE change the authpf man page to reflect this?
>
> rudog@primenet.com
> 'If you're not living on the edge, then you're taking up too much space'
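
The two ordering problems reported in this thread ('quick' written before 'log', and 'port' written inside the {}) can be checked mechanically before an authpf.rules file is deployed. The following is an added example, not code from either poster or from the authpf man page; the function names, finding labels and the third sample rule (the man-page rule with both corrections applied) are constructed for illustration.

```python
import re

# Constructed sample: the man-page rule quoted in the thread, Chris Kuethe's
# working rule, and the man-page rule with both corrections applied.
SAMPLE_RULES = r"""
pass in quick log on $internal_if proto tcp from $user_ip/32 to any \
    { port 21, 22, 80, 443 } flags S/SA
pass in log quick proto tcp from $user_ip to any flags S/SA keep state
pass in log quick on $internal_if proto tcp from $user_ip/32 to any \
    port { 21, 22, 80, 443 } flags S/SA
"""

# The two mistakes described in the thread.
QUICK_BEFORE_LOG = re.compile(r"\bquick\s+log\b")   # 'log' must precede 'quick'
PORT_INSIDE_BRACES = re.compile(r"\{\s*port\b")     # 'port' must be outside the {}


def logical_lines(text):
    """Yield (first_line_number, rule) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()        # drop trailing comments
        if start is None:
            start = no
        if line.endswith("\\"):                     # rule continues on next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())      # normalise whitespace
        buf, start = "", None
    if buf.strip():                                 # file ended mid-continuation
        yield start, " ".join(buf.split())


def lint(text):
    """Return a list of (line_number, finding) for the two ordering mistakes."""
    findings = []
    for no, rule in logical_lines(text):
        if QUICK_BEFORE_LOG.search(rule):
            findings.append((no, "quick-before-log"))
        if PORT_INSIDE_BRACES.search(rule):
            findings.append((no, "port-inside-braces"))
    return findings


if __name__ == "__main__":
    for no, finding in lint(SAMPLE_RULES):
        print(f"line {no}: {finding}")
```

Only the man-page rule is flagged, once for each mistake; the other two rules pass.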