Re: NPF syntax

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: NPF syntax
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Wed, 18 Mar 2015 10:33:09 -0500

On 3/17/15 6:34 PM, Mindaugas Rasiukevicius wrote:

Hi, Mindaugas.

First, let me say thank you for your excellent work on NPF!

> "D'Arcy J.M. Cain" <darcy%NetBSD.org@localhost> wrote:
>> I have decided to give up on pf after banging my head against
>> the wall (and the OBSD mailing list) and try npf but I
>> can't figure out the syntax.  I followed the example at
>> http://www.netbsd.org/~rmind/npf/ but I keep getting errors when I
>> validate.  I reduced npf.conf to the following two lines:
>
> It looks like you are using the netbsd-6.  The documentation is for
> the netbsd-7/current.  NPF in netbsd-6 does not support table naming
> so you have to use numbers.  It does not autoload ALGs, so you can
> skip that line and modload npf_alg_icmp manually.

Is there ~rmind/npf documentation for NPF in NetBSD 6?

I've run into the same problem when trying to learn NPF and finding that
the documentation did not apply to what I had (netbsd-6 stable branch).
I ended up using the ~rmind/npf documentation along with the man pages
from netbsd-6 to figure out what parts of ~rmind/npf did not apply to
netbsd-6 or had been renamed, etc.

> NPF in netbsd-6 is very old by now; netbsd-7 has many fixes as well as
> improvements and I strongly recommend to use that.

I can certainly understand that, but NetBSD 7 has not been released yet.
It doesn't seem reasonable to expect people to run -current or 7.0_BETA
in production.

Regards,

Lewis

Follow-Ups:
- Re: NPF syntax
  - From: Mindaugas Rasiukevicius

References:
- NPF syntax
  - From: D'Arcy J.M. Cain
- Re: NPF syntax
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: npf and multiple maps based on destination address
Next by Date: Re: net.inet.tcp.tso=0
Previous by Thread: Re: NPF syntax
Next by Thread: Re: NPF syntax
Indexes:

Home | Main Index | Thread Index | Old Index