Introduction
Gatepf is an SSH-based authenticating daemon inspired by authpf, a user shell for authenticating gateways. Like authpf, it uses the SSH protocol for user authentication and pf's anchor mechanism.
Why not Authpf?
While authpf takes the rather sensible "do not reinvent the wheel" approach, taking advantage of the SSH protocol's reliability and the pf firewall's flexibility, extending its capabilities looks worthwhile. Sometimes additional actions need to be performed besides loading pf anchors (e.g. writing logs, or reloading the whole firewall ruleset). Moreover, performing these actions may require root credentials. It could be done by hacking authpf as described here (Russian text). However, I find that approach rather inaccurate and inefficient. Merging authentication itself (OpenSSH) with the corresponding actions (authpf) into a single daemon increases integrity and maintainability. So, users who need to authenticate themselves to the gateway can still use SSH in the traditional way, with their favorite shells. Using gatepf makes it possible to display more complex information to users than a single text message. It could be the latest news, account status, etc., and add some interactivity.
Documentation
Currently there is no documentation available.
Portability
The application is developed and tested on FreeBSD. It should also work on any system that can run OpenSSH and has a port of pf (basically BSD-like systems). Despite that, I don't intend to make sure that it does work on such systems. Anyway, portability patches are welcome.
Release Information
Currently there are no releases available. Meanwhile I am familiarizing myself with the sources of OpenSSH and authpf, which will be the primary base of gatepf.