Date: Tue, 1 Mar 2005 15:38:02 +0100
From: Jacques Beigbeder
To: FreeBSD Mailing List
Message-ID: <20050301143802.GA16148@trefle.ens.fr>
Subject: authpf on FreeBSD 5.3

Hello,

Kernel (the standard one, from CD distribution):
    FreeBSD mybox.ens.fr 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

I fail to have authpf working on FreeBSD 5.3.

I set up a pf.conf file ending with:
    anchor "authpf/*"

'pfctl -sr' displays correctly:
    [ ... ]
    anchor authpf/* all

'pfctl -a authpf -s rules' displays:
    No rulesets in anchor 'authpf'.

I run an ssh on a client, and then 'pfctl -a authpf -s rules' displays
(a poor rule just for test):
    pass in quick on bge1 inet proto tcp from 1.2.3.4 to any

But a connection from 1.2.3.4 fails.
(connection means 'ssh' with numeric IP)

But if I add exactly (cut & paste) this rule to /etc/pf.conf, and
I reload (pfctl -f /etc/pf.conf), connections from 1.2.3.4 work.

Where is my mistake?

Thanks in advance,

--
Jacques Beigbeder                    | Jacques.Beigbeder@ens.fr
Service de Prestations Informatiques | http://www.spi.ens.fr
Ecole normale supérieure             |
45 rue d'Ulm                         | Tel : (+33 1)1 44 32 37 96
F75230 Paris cedex 05                | Fax : (+33 1)1 44 32 20 75