[TriLUG] looking for linux solution similar to openbsd's authpf

Sean Alexandre sean at alexan.org
Mon Sep 16 10:35:15 EDT 2013


On Sun, Sep 15, 2013 at 06:23:27PM -0400, Dewey Hylton wrote:
> > Subject: [TriLUG] looking for linux solution similar to openbsd's authpf
> > 
> > my google-fu is lacking, though all my searches to date have included the
> > authpf keyword so I'm likely excluding all the right answers.
> > recommendations?
> > 
> > pretty much all my firewall expertise from the past 8-10 years involves
> > openbsd's pf, so I assume there's a lot to catch up on in the iptables
> > world ...
> 
> sorry - I hit 'send' too soon ...
> 
> here's the desired outcome ... by default, iptables on server X blocks access
> to port Y. I successfully log in to server X via ssh, and iptables gets
> updated to allow me (my ip) to pass through on port Y.

Shorewall might give you what you're looking for, with rules based on uid-owner.

I have a small Debian gateway/firewall and use shorewall to manage the firewall
(iptables) rules. It really simplifies things.

The man page for shorewall has a section on rules based on USER/GROUP:
http://www.shorewall.net/manpages/shorewall-rules.html

That said, I'm not too familiar with authpf, so I don't know how close this comes
to what you need.
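As an added example for this thread (not part of either post, and not Shorewall code), below is the plain-iptables version of what Dewey describes: a script that sshd runs as the login's ForceCommand, which extracts the client's address from sshd's SSH_CONNECTION variable, inserts an ACCEPT rule for that address into a dedicated chain, holds the session open the way authpf does, and deletes the rule when the client disconnects. One caveat on the uid-owner route: iptables' owner match only applies to locally generated packets (the OUTPUT chain), so it cannot by itself open an inbound port for a remote address, which is why the per-client rule has to come from the login event. Everything named here is this example's own choice: the chain name AUTHPF, the script path /usr/local/sbin/authpf-login.sh, the AUTHPF_PORT variable standing in for "port Y", the sshd_config Match/ForceCommand block, and the assumption that the login user may run iptables via sudo.

```shell
#!/bin/sh
# authpf-style per-login firewall hole on Linux with plain iptables.
# Added example for this thread; not from the original posts or from Shorewall.
# Assumed deployment (every name below is this example's own choice):
#   sshd_config:   Match Group authpf
#                    ForceCommand /usr/local/sbin/authpf-login.sh --run
#                    AllowTcpForwarding no
#   one-time setup as root:   authpf-login.sh --setup
#   "port Y" comes from $AUTHPF_PORT (8080 here if unset)
#   members of the authpf group are assumed to have a sudoers entry for iptables,
#   since sshd runs the ForceCommand as the logged-in user, not as root.

PORT="${AUTHPF_PORT:-8080}"
CHAIN="AUTHPF"
IPT="${IPT:-sudo -n iptables}"   # set IPT=echo to dry-run the rule changes

# Pull the client's source address out of sshd's SSH_CONNECTION variable,
# whose format is "client_ip client_port server_ip server_port".
# Accepts IPv4 only (ip6tables would need its own chain); fails otherwise.
client_ip() {
    set -- $1
    [ $# -eq 4 ] || return 1
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}

# The rule that lets one client address reach the protected port.
rule_args() {
    printf '%s\n' "$CHAIN -s $1 -p tcp --dport $PORT -j ACCEPT"
}

# Add the client's rule unless an identical one is already present (-C checks).
open_hole() {
    $IPT -C $(rule_args "$1") 2>/dev/null || $IPT -I $(rule_args "$1")
}

# Remove the client's rule at logout.
close_hole() {
    $IPT -D $(rule_args "$1")
}

# One-time chain setup: INPUT hands traffic for the port to AUTHPF, and anything
# AUTHPF does not ACCEPT falls through to a DROP. Append order matters: the jump
# must precede the DROP, and both must sit before any broader ACCEPT in INPUT.
setup_chain() {
    $IPT -N "$CHAIN" 2>/dev/null || true
    $IPT -C INPUT -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null \
        || $IPT -A INPUT -p tcp --dport "$PORT" -j "$CHAIN"
    $IPT -C INPUT -p tcp --dport "$PORT" -j DROP 2>/dev/null \
        || $IPT -A INPUT -p tcp --dport "$PORT" -j DROP
}

# Session handler run by sshd's ForceCommand: open the hole, hold the session
# (no shell is handed out, as with authpf), and close the hole on disconnect.
run_session() {
    ip=$(client_ip "${SSH_CONNECTION:-}") || {
        echo "authpf-login: no IPv4 client address in SSH_CONNECTION" >&2
        exit 1
    }
    open_hole "$ip"
    # Disarm the traps before cleaning up so the rule is deleted exactly once.
    cleanup() { trap - EXIT HUP INT TERM; close_hole "$ip"; exit 0; }
    trap cleanup EXIT HUP INT TERM
    echo "Port $PORT is now open for $ip; disconnect to close it."
    while read -r _; do :; done   # read returns EOF when the client goes away
}

case "${1:-}" in
    --setup) setup_chain ;;
    --run)   run_session ;;
esac
```

Two things to keep in mind before relying on this. The address being whitelisted is the SSH peer's source address, so a user behind NAT opens the port for everyone sharing that NAT, exactly as with authpf. And if the user's connection is cut without the script seeing EOF (for instance sshd is killed), the rule stays until something removes it, so a periodic sweep of the AUTHPF chain against current sshd sessions is a sensible addition.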


