authpf, authpf.rules unable to modify filters
I am wondering if anyone has seen symptoms like these.
I use authpf to open access to users who authenticate to our firewall. Since we have many different groups to manage, I have created /etc/authpf/users/Templates where I keep rulesets for the different groups and then in individual users' /etc/authpf/users/Username directories I just create a symbolic link to the appropriate file in Templates. It's worked for quite a while.
Today a user called and said that their putty session would close immediately after they had logged in. In /var/log/daemon I saw:
May 8 11:47:02 our-fw authpf: pfctl exited abnormally
First I logged in with my authpf account and had no trouble getting authenticated. Since my account links to a different ruleset file, I then created an account that linked to the same ruleset as my other user and got this when I logged in:
pfctl: DIOCXCOMMIT: Device busy
Unable to modify filters
After some tinkering, it seems that if I have a table defined in the authpf ruleset file, pfctl can't load the changes.
I suspect that if I reboot our firewall, this will go away but I'd like to see if I can diagnose the problem better. Any suggestions on other things to investigate?
Last edited by kbeaucha; 8th May 2012 at 08:33 PM. Reason: correct typo.
|Thread||Thread Starter||Forum||Replies||Last Post|
|authpf setup||dbach||OpenBSD General||14||19th January 2013 04:25 AM|
|transparent firewall & authpf?||ll2ollvll3o||OpenBSD General||2||10th April 2012 12:42 AM|
|Configuring authpf freebsd||kasse||FreeBSD General||0||7th February 2009 12:32 PM|
|Exempting clients from AuthPF||Kristijan||NetBSD Security||1||12th July 2008 12:09 AM|
|Modify host-level firewall rules (without getting locked out)||anomie||Guides||13||16th June 2008 04:26 AM|