Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 8th May 2012
kbeaucha kbeaucha is offline
Port Guard
Join Date: May 2008
Posts: 36
Default authpf, authpf.rules unable to modify filters

Hello all:

I am wondering if anyone has seen symptoms like these.

I use authpf to open access to users who authenticate to our firewall. Since we have many different groups to manage, I have created /etc/authpf/users/Templates where I keep rulesets for the different groups and then in individual users' /etc/authpf/users/Username directories I just create a symbolic link to the appropriate file in Templates. It's worked for quite a while.

Today a user called and said that their putty session would close immediately after they had logged in. In /var/log/daemon I saw:

May 8 11:47:02 our-fw authpf[14121]: pfctl exited abnormally

First I logged in with my authpf account and had no trouble getting authenticated. Since my account links to a different ruleset file, I then created an account that linked to the same ruleset as my other user and got this when I logged in:

pfctl: DIOCXCOMMIT: Device busy
Unable to modify filters

After some tinkering, it seems that if I have a table defined in the authpf ruleset file, pfctl can't load the changes.

I suspect that if I reboot our firewall, this will go away but I'd like to see if I can diagnose the problem better. Any suggestions on other things to investigate?


Last edited by kbeaucha; 8th May 2012 at 08:33 PM. Reason: correct typo.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
authpf setup dbach OpenBSD General 14 19th January 2013 04:25 AM
transparent firewall & authpf? ll2ollvll3o OpenBSD General 2 10th April 2012 12:42 AM
Configuring authpf freebsd kasse FreeBSD General 0 7th February 2009 12:32 PM
Exempting clients from AuthPF Kristijan NetBSD Security 1 12th July 2008 12:09 AM
Modify host-level firewall rules (without getting locked out) anomie Guides 13 16th June 2008 04:26 AM

All times are GMT. The time now is 11:20 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick