authpf, authpf.rules unable to modify filters

[kbeaucha]

Hello all:

I am wondering if anyone has seen symptoms like these.

I use authpf to open access to users who authenticate to our firewall. Since we have many different groups to manage, I have created /etc/authpf/users/Templates where I keep rulesets for the different groups and then in individual users' /etc/authpf/users/Username directories I just create a symbolic link to the appropriate file in Templates. It's worked for quite a while.

Today a user called and said that their putty session would close immediately after they had logged in. In /var/log/daemon I saw:

May 8 11:47:02 our-fw authpf[14121]: pfctl exited abnormally

First I logged in with my authpf account and had no trouble getting authenticated. Since my account links to a different ruleset file, I then created an account that linked to the same ruleset as my other user and got this when I logged in:

pfctl: DIOCXCOMMIT: Device busy
Unable to modify filters

After some tinkering, it seems that if I have a table defined in the authpf ruleset file, pfctl can't load the changes.

I suspect that if I reboot our firewall, this will go away but I'd like to see if I can diagnose the problem better. Any suggestions on other things to investigate?

thx
kmb