NetBSD-Bugs archive
kern/51818: npfctl doesn't handle multiple i/f names in group statements
>Number: 51818
>Category: kern
>Synopsis: npfctl doesn't handle multiple i/f names in group statements
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 11 00:35:00 +0000 2017
>Originator: Paul Goyette
>Release: NetBSD 7.99.53
>Organization:
+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
>Environment:
System: NetBSD speedy.whooppee.com 7.99.53 NetBSD 7.99.53 (SPEEDY 2016-12-31 23:00:24) #1: Sun Jan 1 01:39:34 UTC 2017 paul%speedy.whooppee.com@localhost:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/SPEEDY amd64
Architecture: x86_64
Machine: amd64
>Description:
Following the example /usr/share/examples/blacklistd/npf.conf I created the
following:
    # Transparent firewall example for blacklistd
    $ext_if = { wm0, tun0 }
    set bpf.jit on;
    alg "icmp"
    group "external" on $ext_if {
        ruleset "blacklistd"
        pass final all
    }
    group default {
        pass final all
    }
After enabling npf, I see filter rules only on wm0, nothing for the tunnel:
    {150} /etc/rc.d/npf restart
    Disabling NPF.
    Enabling NPF.
    {151} npfctl show
    # filtering: active
    # config: loaded
    group "external" on wm0
        ruleset "blacklistd" all
        pass final all
    group
        pass final all
    {152}
>How-To-Repeat:
See above
>Fix:
>Unformatted:
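
Added example, not part of the original report: a Python check that compares the interfaces each named group is configured for in npf.conf with the groups `npfctl show` reports as loaded, so a group that was applied to only one of its interfaces (tun0 in the report above) is flagged. The inputs are constructed from the config and output quoted in the report, the function names are hypothetical, and the parser assumes variables hold brace lists or plain interface names only.

```python
import re
# Constructed sample inputs, taken from the config and `npfctl show` output in the report.
NPF_CONF = '''\
$ext_if = { wm0, tun0 }
set bpf.jit on;
alg "icmp"
group "external" on $ext_if {
    ruleset "blacklistd"
    pass final all
}
group default {
    pass final all
}
'''
NPFCTL_SHOW = '''\
# filtering: active
# config: loaded
group "external" on wm0
    ruleset "blacklistd" all
    pass final all
group
    pass final all
'''

def expected_groups(conf):
    """Map group name -> set of interfaces the config asks for."""
    variables = {}
    for name, val in re.findall(r'^\s*\$(\w+)\s*=\s*(\{[^}]*\}|"?[\w.]+"?)', conf, re.M):
        variables[name] = {i.strip(' "') for i in val.strip('{}').split(',') if i.strip(' "')}
    groups = {}
    for gname, target in re.findall(r'^\s*group\s+"([^"]+)"\s+on\s+(\$?[\w.]+)', conf, re.M):
        ifs = variables.get(target[1:], set()) if target.startswith('$') else {target}
        groups.setdefault(gname, set()).update(ifs)
    return groups

def loaded_groups(show):
    """Map group name -> set of interfaces present in `npfctl show` output."""
    groups = {}
    for gname, ifname in re.findall(r'^\s*group\s+"([^"]+)"\s+on\s+([\w.]+)', show, re.M):
        groups.setdefault(gname, set()).add(ifname)
    return groups

def missing_interfaces(conf, show):
    """Return {group: [interfaces configured but absent from the loaded ruleset]}."""
    loaded = loaded_groups(show)
    gaps = {g: sorted(ifs - loaded.get(g, set())) for g, ifs in expected_groups(conf).items()}
    return {g: ifs for g, ifs in gaps.items() if ifs}

if __name__ == "__main__":
    for group, ifs in missing_interfaces(NPF_CONF, NPFCTL_SHOW).items():
        print(f'group "{group}": no loaded rules on {", ".join(ifs)}')
```

On a live system the two strings would be the contents of /etc/npf.conf and the output of `npfctl show`; a non-empty result means traffic on the listed interfaces is not passing through that group's rules.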