Playing with a webversion of authpf.
- To: tech@openbsd.org
- Subject: Playing with a webversion of authpf.
- From: raymond@dyn.org
- Date: Tue, 3 Jun 2003 06:43:18 +0000
- User-Agent: Internet Messaging Program (IMP) 3.1
Hi there,
For a project, I'm working on an NPH web version of authpf, based heavily on the
code of authpf. It is supposed to be the open source counterpart for Cisco Pix
and Nokia FW1 user-based rulesets which use HTTP for authentication (I want to
use HTTPS of course).
I'm running into some small problems though and maybe you can help me.
What's going okay:
nph-authpf can recognize source IP and username based on CGI parameters.
It will load the rules in an anchor.
What's not okay:
The rules are not activated, whereas the rules do work when it's used by authpf.
Here are the results:
No authpf's.
pfctl -s Anchor
0 anchors:
Activated nph-authpf
pfctl -s Anchor
1 anchors:
nph-authpf
pfctl -a nph-auth -s rules
block drop in quick inet from 172.16.1.42 to any
But this rule does not work in nph-authpf and does in authpf.
Source code will be sent on request since I don't want to blog the mailing list.
Thank you,
Raymond.