Setup:
OpenBSD 3.8 using authpf to control individual user access.
Users authenticate by logging in with ssh and obtain access to particular IP
addresses.

Problem:
If we change the users' rulesets while they're logged in, these changes won't
be reflected until they log back in.
Is there a way to update the rules without killing the user's authpf instance
and having them log back in?

Example:

# cat /etc/authpf/users/cyoub/authpf.rules
external_if = "bge0"
internal_if = "bge1"
pass in quick on $external_if from $user_ip to 172.16.0.0/22
pass in quick on $external_if from $user_ip to 172.16.4.0/22
pass in quick on $external_if from $user_ip to 172.16.8.0/22   <-- I add this after I authenticate.

cyoub    18023  0.0  0.1   488   800 p2  Ss+    3:53PM    0:00.04 -authpf: [EMAIL PROTECTED] (authpf)

1) I authenticate via ssh
2) I access my now available IP resources
3) My authpf.rules file gets newly updated while I'm logged in
4) I cannot access my newly updated IP resources
5) I "kill -TERM 18023", or if I "kill -HUP 18023" and kill my session
6) I re-authenticate via ssh
7) I access my now available IP resources AND my newly updated IP resources

How can I skip #4-6?
-- 
View this message in context: 
http://www.nabble.com/authpf---update-user-rules-without-kicking-them-out-tf3370107.html#a9377193
Sent from the openbsd user - misc mailing list archive at Nabble.com.