From: peter@bgnett.no (Peter N. M. Hansteen)
To: Noah
Cc: freebsd-questions@freebsd.org
Date: Wed, 20 Sep 2006 22:04:22 +0200
Subject: Re: ipfw and temporary port access
Message-ID: <87y7se9uex.fsf@amidala.kakemonster.bsdly.net>

Noah writes:

> authpf needs ssh access which is not something we have universally
> open - is there a way to integrate authpf without granting ssh
> access?

Out of the box, no. Then again, you only need ssh in to the
authenticating gateway. It's up to you to decide which OpenSSH
supported authentication methods you require before loading the rules
which actually let traffic through.

Cheers,
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds