Re: Packet filtering issues (both NPF and PF)

[christos%astron.com@localhost (Christos Zoulas)]

In article <20151026132620.GB34%gmail.com@localhost>,
Pongthep Kulkrisada  <ptkrisada%gmail.com@localhost> wrote:
>I'm running NetBSD on Macbook Air (core i5-64 bits).
>I have 2 issues about PF and NPF.
>
>1.	Previously, I ran 6.1_STABLE on port i386.
>	Right after updating from src to 7.0, NPF reported errors at booting.
>	After I read man pages, I had to edit /etc/npf.conf to comply with 7.0.
>	And it was still exactly the same NPF rules as when I was on 6.x.
>	I rebooted. Once it reached npf portion in /etc/rc.conf, the system crashed
>	with many lines of green error messages. (I don't know how to log it.)
>
>2.	So I switched to 7.0 on port amd64 (fresh install from iso).
>	This time NPF works pretty fine. But PF doesn't work.
>	(Yes, I test both packet filters.)
>	I have been using this /etc/pf.conf since NetBSD 5.x, and never changed it.
>	Rebooting succeed; I can issue any commands without using network.
>	But whenever I use network e.g. lynx or even ping, the system crashes
>	with many lines of green error messages.
>
>Are there anyone encountering these problems, or having any workaround?
>At the moment, I only have 7.0 on port amd64. So now I need workaround
>for item 2 only.
>Are there any major changes in PF configuration from 6.x to 7.0?

There should not be. Do you have pf and npf enabled in the same kernel?

christos