#9
10th July 2019
calanon

Quote:
Originally Posted by jggimi
It's not a mess. It is readable, and your intent is understandable.
  • Your main ruleset is missing an anchor point, so the anchor rules are never applied. See Linking authpf into the Main Ruleset in the PF User's Guide chapter, and the example configuration in the same page, for anchor point use examples.
  • Your authpf rules do not use $user_ip or $user_id. A single authpf session will pass all outbound traffic for $allowed_tcp_ports.

So the anchor is linked. With the other point, would this be correct:

/etc/authpf/users/myuser/authpf.rules

Code:
pass out on $intif inet proto tcp from $user_ip to any port $allowed_tcp_ports
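The two points from the quoted reply, shown together as an added configuration sketch that is not part of the original post or of either poster's setup. The interface name `em1`, the port list, and the choice to filter inbound on the internal interface are assumptions.

```conf
# --- /etc/pf.conf (main ruleset), constructed example ---
int_if = "em1"                        # assumed internal interface name
block in on $int_if                   # nothing from the LAN passes until a user authenticates
pass in on $int_if proto tcp to ($int_if) port ssh   # users must reach sshd to start an authpf session
anchor "authpf/*"                     # anchor point: without it, authpf loads its rules but pf never evaluates them

# --- /etc/authpf/users/myuser/authpf.rules, constructed example ---
# Macros defined in pf.conf are not visible inside the anchor; define what these rules use.
int_if = "em1"
allowed_tcp_ports = "{ 80, 443 }"     # assumed port list

# Too broad: no $user_ip, so one authenticated session opens these ports for every host.
# pass in quick on $int_if inet proto tcp from any to any port $allowed_tcp_ports

# Scoped: only the address this session authenticated from is let through.
pass in quick on $int_if inet proto tcp from $user_ip to any port $allowed_tcp_ports
```

With a session open, `pfctl -a "authpf/*" -sr` lists the rules currently loaded under the anchor, which confirms that `$user_ip` was expanded to the client's address.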