#4
2nd July 2014
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977

Quote:
Originally Posted by EverydayDiesel View Post
So if the web service was running on the same machine I would just put 127.0.0.1 for the auth_web variable?
yes
Quote:
The best I can tell this table is created in memory and maintained by OpenBSD as long as I add this line to my pf.conf. If someone logs on via ssh then somehow it will know to add the user to this table?
yes
Quote:
Being that is the case, I would say that the variable needs to be $ext_if instead of an external IP address?
I would think it depends upon your needs. The syntax of those final two rules uses from and to with IP addresses. You can only use an interface with modifiers that translate to blocks of addresses or special addresses: :network, :broadcast, or :peer. If you want to block an interface, you need to use the on <interface> option.
Quote:
Unfortunately I have been stuck on creating tables. I have been reading and I am trying to understand how to implement them better before I actually do one.
Practice. Play on an OpenBSD workstation, or in a virtual machine. You'll figure it out more easily if you have one.
Quote:
The best I can tell some are created in memory and defined in the actual config file and others are files that are saved on the hard drive.
They are all maintained in memory. There are four ways to add addresses to tables:
  1. Scripted within a pf.conf directly, from a list.
  2. Read in from a file named in a pf.conf.
  3. Added by a pfctl command.
  4. Read in from a file via a pfctl command.
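The four ways of populating a table listed in the post, together with the from/to versus on distinction, sketched as a pf.conf fragment. This is an added example, not part of the original post or thread; the interface names, table names, file paths and addresses are constructed assumptions.

```conf
# /etc/pf.conf fragment (constructed example; names and addresses are assumptions)
ext_if = "em0"    # assumed external interface
int_if = "em1"    # assumed internal interface

# 1. Addresses scripted directly in pf.conf, from a list.
#    "const" stops pfctl from changing the table's contents afterwards.
table <admins> const { 192.0.2.10, 198.51.100.0/24 }

# 2. Addresses read from a file named in pf.conf.
#    The file holds one address or CIDR block per line; "#" starts a comment.
#    "persist" keeps the table in memory even when no rule references it.
table <blocklist> persist file "/etc/pf.blocklist"

# "on" selects the interface; "from" and "to" take addresses or tables.
block in quick on $ext_if from <blocklist>
pass in on $ext_if proto tcp from <admins> to any port ssh

# An interface name used with a modifier translates to addresses:
# $int_if:network is the network attached to the internal interface.
pass in on $int_if from $int_if:network to any

# 3. Addresses added by a pfctl command (run as root at the shell):
#      pfctl -t blocklist -T add 203.0.113.7
#
# 4. Addresses read in from a file via a pfctl command:
#      pfctl -t blocklist -T add -f /etc/pf.blocklist.extra
#
# Inspecting the in-memory table and syntax-checking the ruleset:
#      pfctl -t blocklist -T show
#      pfctl -nf /etc/pf.conf
```

Because every table lives only in memory, addresses added with pfctl (methods 3 and 4) are lost when the table is flushed or the machine reboots unless they are also written to the file that pf.conf loads.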