NetBSD-Users archive
Re: NPF does not recognize npflog0
* Tomas Bodzar (tomas.bodzar%gmail.com@localhost) wrote:
> Maybe you want to read this
> http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20121017_2254.html
> The word final means final, so any other rules for such traffic are
> not consulted.
I had read it many times since the beginning of my attempt.
> > I think it still has a few bugs.
> >
> > pass stateful out final family inet proto tcp flags S/SA from $ext_if apply "norm"
> > pass out final family inet proto tcp from $ext_if apply "norm"
> > pass stateful out final family inet from $ext_if apply "norm"
> >
> > These lines are placed at the bottom of the interface group. (last rule
> > wins)
> > But it doesn't work as expected.
> > I did not ``block'' anything except for the default group.
> > It still blocks all initiated outbound traffic.
> > The previous ``pass in'' in the same interface group works pretty fine.
> > At least httpd and sshd can be accessed from the other machines.
> > Maybe I'm wrong somewhere. I'm checking.
I tried commenting out all the lines in the group except these three lines.
It still blocks all outbound traffic.
I also tried removing ``final'' from these lines.
It doesn't help.
Even if I ``pass'' everything in group (default),
(That is, no ``block'' remains in my /etc/npf.conf.)
it still blocks all outbound traffic.
I think the filtering rules are not the cause; it should be something else.
Thanks,
--
Pongthep Kulkrisada
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie