Quote:
Originally Posted by jggimi
It's not a mess. It is readable, and your intent is understandable.
- Your main ruleset is missing an anchor point, so the anchor rules are never applied. See Linking authpf into the Main Ruleset in the PF User's Guide chapter, and the example configuration in the same page, for anchor point use examples.
- Your authpf rules do not use $user_ip or $user_id. A single authpf session will pass all outbound traffic for $allowed_tcp_ports.

So the anchor is linked. With the other point, would this be correct:
/etc/authpf/users/myuser/authpf.rules
Code:
pass out on $intif inet proto tcp from $user_ip to any port $allowed_tcp_ports
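
The two points from the quoted reply, laid out as a configuration fragment. This is an added example, not part of the thread; the interface name, the port list and the unscoped "before" rule are constructed for illustration.

```pf
# /etc/pf.conf (main ruleset) -- constructed fragment
block all
anchor "authpf/*"    # anchor point; without it authpf's rules are never evaluated

# /etc/authpf/users/myuser/authpf.rules
# Macros from pf.conf are not visible in this file. authpf supplies only
# $user_ip and $user_id, so anything else used here is defined here.
intif = "em1"                          # assumed interface name
allowed_tcp_ports = "{ 22 80 443 }"    # constructed port list

# Unscoped (constructed "before" rule): once any one user authenticates,
# this matches traffic from every source host.
# pass out on $intif inet proto tcp from any to any port $allowed_tcp_ports

# Scoped: matches only the address the authenticated SSH session came from.
pass out on $intif inet proto tcp from $user_ip to any port $allowed_tcp_ports
```

The per-user file can be syntax-checked without loading it by supplying the authpf macros by hand, for example `pfctl -n -D user_ip=192.0.2.10 -D user_id=myuser -f /etc/authpf/users/myuser/authpf.rules`; the address is a documentation placeholder.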