author | Jason McIntyre <jmc@cvs.openbsd.org> | 2004-09-15 23:24:14 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2004-09-15 23:24:14 +0000 |
commit | 2dd658cba6b794e812536f9acda89fbfa98fac3b (patch) | |
tree | 13bafd6b1a6438e3a2aab8c7dc7da7c3ec377989 | |
parent | fa3cf0922794c85b6cbdb877521cf5977ee648a3 (diff) |
AllowTcpForwarding should be disabled for authpf users;
plus a typo;
from michael knudsen;
ok beck@
-rw-r--r-- | usr.sbin/authpf/authpf.8 | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8 index 459fbd04643..216807e1919 100644 --- a/usr.sbin/authpf/authpf.8 +++ b/usr.sbin/authpf/authpf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.36 2004/08/15 10:40:50 canacar Exp $ +.\" $OpenBSD: authpf.8,v 1.37 2004/09/15 23:24:13 jmc Exp $ .\" .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -231,9 +231,15 @@ it becomes unresponsive, or if arp or address spoofing is used to hijack the session. Note that TCP keepalives are not sufficient for this, since they are not secure. +Also note that +.Ar AllowTcpForwarding +should be disabled for +.Nm +users to prevent them from circumventing restrictions imposed by the +packet filter ruleset. .Pp .Nm -will remove statetable entries that were created during a user's +will remove state table entries that were created during a user's session. This ensures that there will be no unauthenticated traffic allowed to pass after the controlling |
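Review bot: In the second hunk, the added sentence marks AllowTcpForwarding with `.Ar`, the macro for command arguments, and does not say where the option is set. It is an sshd configuration keyword, so a keyword or variable macro such as `.Cm` or `.Va` fits better, and a `.Xr sshd_config 5` reference would tell the reader which file to edit. Consider stating the setting explicitly ("AllowTcpForwarding no") rather than "should be disabled". The text would also benefit from a short clause on how forwarding circumvents the ruleset: forwarded connections are opened by sshd on the gateway itself. The "statetable" to "state table" fix in the same hunk looks fine.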