Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [netbsd-9] src/share/examples/npf



Module Name:    src
Committed By:   martin
Date:           Tue Nov 19 10:56:35 UTC 2019

Modified Files:
        src/share/examples/npf [netbsd-9]: soho_gw-npf.conf

Log Message:
Pull up following revision(s) (requested by sevan in ticket #444):

        share/examples/npf/soho_gw-npf.conf: revision 1.13
        share/examples/npf/soho_gw-npf.conf: revision 1.14
        share/examples/npf/soho_gw-npf.conf: revision 1.15
        share/examples/npf/soho_gw-npf.conf: revision 1.16
        share/examples/npf/soho_gw-npf.conf: revision 1.17
        share/examples/npf/soho_gw-npf.conf: revision 1.18
        share/examples/npf/soho_gw-npf.conf: revision 1.19
        share/examples/npf/soho_gw-npf.conf: revision 1.20

Drop the final keyword to use the default policy of last matching rule wins
default policy is to blockall

Add descriptions for all rules and make use of localnet variable in
place of direct IP address
improve description

pastos

Passive FTP works as a client without this and we're not hosting an FTP
server (port are not listed in services_tcp)

Add support for blacklistd

Rename the block table to something else to make it easier to differentiate
between action and name. Use this table as the example for populating by
npfctl.

Drop the int-block table, it's quite cumbersome to have a firewall which
needs the internal network lists added if reboot. Use the localnet
variable to indicated which network we should pass in traffic from instead.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.2.1 src/share/examples/npf/soho_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index