This list tends to favor those who do at least some basic homework before asking redundant questions. Had you read the authpf man page or searched the list archives, you would have certainly realized that what you are describing is EXACTLY the intended behavior, in other words, your system is working exactly as it was designed.
Regarding your follow-up question: OpenBSD pf is a very powerful firewall sub-system and supports a number of viable work-arounds to accomplish what you want. However, unless you are offering to pay market-rate consulting fees, do not expect anyone on this list to do your research for you. On 23 Dec 2008 at 8:12, Derek wrote: > Hello, > > Seeing that nobody is answering to the question below I'd add: Is there > anybody who uses authpf in the same scenario? Does it behave like in my > case? Any suggestion to keep the states for the user after he/she closes the > session? > > Thank you. > > On Wed, Dec 17, 2008 at 1:46 PM, Derek <derekmail...@gmail.com> wrote: > > > Hi list, > > > > I'm using authpf to allow external users to access to certain restricted > > services within our network. This network hosts public services as well, > > this is services which are open to all internet. > > > > The thing is that after some tests I realized that a client who has an > > authpf session opened and uses both, the autpf-protected service and the > > public service, gets disconnected of all services when he/she closes the > > authpf session. > > > > Looking a little bit closer I can see that all the states created by an IP > > address are removed when the user from that IP closes the authpf session so > > the states created by the authpf rules but also the ones created by the > > "regular" pf.conf rules disappear from the table. > > > > I guess that this is because there is only one states table and it could be > > difficult to know which states are genereated by which rules. > > > > The question is, is there any plan to label or mark the states so will be > > possible in the future for the non-authpf states to survive the authpf > > session? > > > > Thank you all. > > > > Derek.
