2007. May 6. 18:45, Berk D. Demir:
> Daniel wrote:
> > Hi!
> >
> > My ISP provides me ADSL service with a daily changing IP. Still I
> > must somehow control the access to my postgresql server, to only
> > accept connections from my computer. Is it possible to specify a
> > hostname (my hostname, which gets updated at every IP change) in
> > pf.conf and somehow tell pf not to try to translate it when
> > loading the rule, but to try to look up the hostname on every
> > connection attempt?
> >
> > Is this sane/possible?
>
> It's not possible without executing pfctl repeatedly.
>
> pf(4) operates at OSI Layers 3 and 4. Making a DNS query is a Layer 7
> operation and handled by pfctl(8), which is the userland controller
> and configuration parser for pf(4).
>
> Instead of relying on IP addresses, you can use authpf(8), which
> won't limit you to working just from home, since you can authenticate
> via ssh from anywhere.
>
> Using authpf is a more convenient and secure approach. So use it.

I would like to, but here is my problem: I need to create a new user on the server which will have /usr/sbin/authpf as its shell. So now I have user1 (my regular account on that server, with a normal shell) and user1_authpf (the authpf account).

But I'm connecting to the user1_authpf account from the same machine that I'm using for everything else, so after disconnecting with the authpf account, other connections (e.g. imap, ftp, ssh) are closing too. I understand that authpf removes the rules and states related to the connecting IP address, so I think this is normal, but it is not good for me.

Any ideas for this?

Thanks!
Daniel
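
The quoted reply says hostname-based filtering only works by executing pfctl repeatedly. As an added example (not part of the thread), the script below does that from cron by refreshing a pf table. The table name `pgclients`, the hostname `home.example.net` and the `APPLY` switch are assumptions, and access then depends on the DNS answer, so the resolver output is validated before it reaches pfctl.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed pf.conf lines using the table:
#   table <pgclients> persist
#   pass in proto tcp from <pgclients> to port 5432
TABLE="pgclients"          # assumed table name
HOST="home.example.net"    # assumed dynamic hostname

# Succeed only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    rest="$1."
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Replace the table contents with one address.
# Without APPLY=1 the pfctl command is only printed (dry run).
refresh_table() {
    addr=$1
    if ! is_ipv4 "$addr"; then
        echo "refusing to load '$addr' into <$TABLE>" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        pfctl -t "$TABLE" -T replace "$addr"
    else
        echo "pfctl -t $TABLE -T replace $addr"
    fi
}

# Cron entry point: resolve and apply only when explicitly enabled.
if [ "${APPLY:-0}" = 1 ]; then
    # host(1) prints "<name> has address <ip>"; take the first A record.
    addr=$(host -t A "$HOST" | awk '/has address/ {print $4; exit}')
    refresh_table "$addr"
fi
```

A failed or malformed lookup leaves the table as it was, so the previous address stays allowed until the next successful refresh.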