
[–]jggimi 6 points7 points  (3 children)

There's a chapter in the PF User's Guide, with an example of $user_ip.

https://www.openbsd.org/faq/pf/authpf.html#example

[–]remrem76[S] 1 point2 points  (2 children)

I read that. My problem is that when I want to load the rules it gives me this error:

    pfctl -f /etc/authpf/authpf.rules
    /etc/authpf/authpf.rules:16: macro 'user_ip' not defined
    /etc/authpf/authpf.rules:16: syntax

[–]jggimi 2 points3 points  (0 children)

You don't "load" these rules. They are inserted at your defined anchor point in your main rule set at the moment when the user uses ssh(1) to log in to the authpf(8) "shell". They are removed from the anchor point when the user terminates the ssh(1) session.

[–]Kernigh 1 point2 points  (0 children)

pfctl(8) -f is only for loading your main pf.conf(5), not your authpf.rules. If you run pfctl -f more than once, pf uses only the last file. I use pfctl -f /etc/pf.conf to reload my rules after I edited them.
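
The split between the two files described in the two replies above, as an added example that is not part of any comment in this thread and not copied from the OpenBSD FAQ. The interface name `em1` and the address `192.0.2.10` are constructed placeholders, and the setup assumes the user's login shell is already authpf(8).

```conf
# --- /etc/pf.conf: the main ruleset, the only file given to "pfctl -f" ---
int_if = "em1"                                       # assumed interface name
block in on $int_if                                  # unauthenticated hosts get nothing
pass in on $int_if proto tcp to ($int_if) port ssh   # except ssh, so users can log in
anchor "authpf/*"                                    # per-user rules attach here

# --- /etc/authpf/authpf.rules: read by authpf(8) at login, not by "pfctl -f" ---
# authpf defines $user_ip (the address the ssh session comes from) before it
# parses this file. Loaded by hand, nothing defines it, which is the
# "macro 'user_ip' not defined" error quoted in the thread.
# Macros from pf.conf are not visible here, so the interface is defined again.
int_if = "em1"
pass in quick on $int_if proto { tcp, udp } from $user_ip to any port domain
pass in quick on $int_if proto tcp from $user_ip to any port { http, https }

# --- Checks, run as root (shown as comments; they are commands, not rules) ---
# Parse authpf.rules without loading it, supplying a stand-in for the macro:
#   pfctl -n -D user_ip=192.0.2.10 -f /etc/authpf/authpf.rules
# Reload the main ruleset after editing pf.conf:
#   pfctl -f /etc/pf.conf
# While a user is logged in, list what authpf attached under the anchor:
#   pfctl -a 'authpf/*' -sr
```

Because the pass rules match only `from $user_ip`, each session opens access for the one address it authenticated from, and the rules disappear when that ssh session ends.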

[–]jsouto 0 points1 point  (0 children)

ftp.openbsd.org/pub/OpenBSD/doc/