NetBSD-Users archive
Re: npf and multiple maps based on destination address
Harry Waddell <waddell%caravaninfotech.com@localhost> wrote:
>
> I'm trying to have npf (on the latest NetBSD 7 beta)
> map address onto either an internal dmz network based on the
> destination address being in a fairly large table (several hundred
> entries) or map to the WAN address otherwise, e.g. as
>
> map vlan200 dynamic $mesh_nattable -> 10.8.200.1 pass from $mesh_nattable to <ngroutes>
> map $wan_if dynamic $wan_nattable -> $wan_if
>
> Since there's nothing in the syntax to indicate one can do a "map final",
> would something like this work and if so, which rule would get used, the
> first, the last, the most specific? Since this isn't in a group, I'm not
> sure how or if this will work at all.
Yes, that would work. Currently, map rules behave as "final" by default,
so you have a first-match. It is debatable what should be the default and
it could be made configurable via the extended "pass" syntax.
In any case, I should document this.
--
Mindaugas