Re: npf syntax: port ranges, negation of a condition, and map rules

To: netbsd-users%NetBSD.org@localhost
Subject: Re: npf syntax: port ranges, negation of a condition, and map rules
From: Rocky Hotas <rockyhotas%firemail.cc@localhost>
Date: Wed, 28 Oct 2020 14:50:17 +0100

On ott 28 12:22, Martin Husemann wrote:

> There is an example in /usr/share/examples/npf/host-npf.conf:
> 
>     # Allow being tracerouted
>     pass in proto udp to any port 33434-33600

This is a single use (but thanks! I forgot this example file). My case
is double, because I would like to map a port range into another port
range (both ranges contain the same number n of ports).

> > but none of them seems to work in
> > map $myif dynamic proto tcp $myhost port XXX <- $myif port XXX

In particular, for example,

map $myif dynamic proto tcp $myhost port 33434-33435 <- $myif port 55000-55001

doesn't work:

# npfctl reload
/etc/npf.conf:41:92: port range is not valid near '55001'

Replacing 55000-55001 with a single port or with 33434-33435 themselves
gives the same error.

Rocky

Follow-Ups:
- Re: npf syntax: port ranges, negation of a condition, and map rules
  - From: Michael van Elst

References:
- npf syntax: port ranges, negation of a condition, and map rules
  - From: Rocky Hotas
- Re: npf syntax: port ranges, negation of a condition, and map rules
  - From: Martin Husemann

Prev by Date: Re: Atmega 32u2 NetBSD 9
Next by Date: Re: PR 55714
Previous by Thread: Re: npf syntax: port ranges, negation of a condition, and map rules
Next by Thread: Re: npf syntax: port ranges, negation of a condition, and map rules
Indexes:

Home | Main Index | Thread Index | Old Index