> # cat /etc/authpf/users/cyoub/authpf.rules
> external_if = "bge0"
> internal_if = "bge1"
> pass in quick on $external_if from $user_ip to 172.16.0.0/22
> pass in quick on $external_if from $user_ip to 172.16.4.0/22
> pass in quick on $external_if from $user_ip to 172.16.8.0/22 <-- I add this after I authenticate.
>
> cyoub 18023 0.0 0.1 488 800 p2 Ss+ 3:53PM 0:00.04 -authpf: [EMAIL PROTECTED] (authpf)
>
> 1) I authenticate via ssh
> 2) I access my now available IP resources
> 3) My authpf.rules file gets newly updated while I'm logged in
> 4) I cannot access my newly updated IP resources
> 5) I "kill -TERM 18023", or if I "kill -HUP 18023" and kill my session
> 6) I re-authenticate via ssh
> 7) I access my now available IP resources AND my newly updated IP resources
>
> How can I skip #4-6?
Use the authpf_users table instead of adding rules for this.
In your main ruleset:
table <authpf_users> persist
pass in quick on $external_if from <authpf_users> to 172.16.0.0/22
pass in quick on $external_if from <authpf_users> to 172.16.4.0/22
pass in quick on $external_if from <authpf_users> to 172.16.8.0/22
Then pfctl -f /etc/pf.conf when you add a rule like that.
authpf maintains who is in that table.
-Bob
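The table-based layout Bob describes, written out as a complete /etc/pf.conf fragment with the checks to run after a reload. This is an added example, not a file from the thread; the anchor line, the fourth network (172.16.12.0/22) and the pfctl checks are illustrative additions.

```conf
# /etc/pf.conf (added example, not from the thread)
external_if = "bge0"
internal_if = "bge1"

# authpf inserts each authenticated user's source address into this
# table at login and removes it when the session ends. "persist" keeps
# the table defined even while it is empty. Because the pass rules
# below key on the table rather than on the per-user authpf.rules
# loaded at login, a new destination only needs an edit here plus
# "pfctl -f /etc/pf.conf"; users already logged in pick it up at once.
table <authpf_users> persist

# authpf(8) loads each user's authpf.rules into a per-user anchor and
# requires the anchor to be present in the main ruleset. Assumption:
# a pf version where this single line suffices; older releases also
# needed nat-anchor, rdr-anchor and binat-anchor "authpf/*" lines.
anchor "authpf/*"

pass in quick on $external_if from <authpf_users> to 172.16.0.0/22
pass in quick on $external_if from <authpf_users> to 172.16.4.0/22
pass in quick on $external_if from <authpf_users> to 172.16.8.0/22
# Constructed fourth network: added with an edit and a reload only.
pass in quick on $external_if from <authpf_users> to 172.16.12.0/22

# Checks after "pfctl -f /etc/pf.conf" (from a root shell):
#   pfctl -t authpf_users -T show    # addresses of users logged in now
#   pfctl -sr | grep authpf_users    # table rules are in the live ruleset
#   pfctl -a "authpf/*" -sr          # whatever is still loaded per user
```

If a user's address is in the table but a new network is still blocked, the reload did not happen or the rule ordering differs from what pfctl -sr shows; the per-user anchor no longer needs editing for this case.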