Source-Changes-HG archive


[src/trunk]: src/share/examples/npf Indent to improve readability.



details:   https://anonhg.NetBSD.org/src/rev/54b21ee9d33f
branches:  trunk
changeset: 998376:54b21ee9d33f
user:      sevan <sevan%NetBSD.org@localhost>
date:      Tue Apr 16 10:52:28 2019 +0000

description:
Indent to improve readability.
Add a description for log event.

diffstat:

 share/examples/npf/host-npf.conf |  48 ++++++++++++++++++++--------------------
 1 files changed, 24 insertions(+), 24 deletions(-)

diffs (78 lines):

diff -r 189eb06ae5e6 -r 54b21ee9d33f share/examples/npf/host-npf.conf
--- a/share/examples/npf/host-npf.conf  Tue Apr 16 10:00:04 2019 +0000
+++ b/share/examples/npf/host-npf.conf  Tue Apr 16 10:52:28 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.9 2019/04/15 22:38:48 sevan Exp $
+# $NetBSD: host-npf.conf,v 1.10 2019/04/16 10:52:28 sevan Exp $
 #
 # Simple ruleset for a host with (i.e., not routing) two interfaces,
 # ethernet and wifi.
@@ -22,16 +22,16 @@
 alg "icmp"
 
 procedure "log" {
-       log: npflog0
+    # Send log events to npflog0, see npfd(8)
+    log: npflog0
 }
 
 group "wired" on $wired_if {
-# Placeholder for blacklistd (configuration separate) to add blocked hosts
-ruleset "blacklistd"
+    # Placeholder for blacklistd (configuration separate) to add blocked hosts
+    ruleset "blacklistd"
 
-# Allow SSH on wired interface
-pass in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
-
+    # Allow SSH on wired interface and log all connection attempts
+    pass in on $wired_if proto tcp to $wired_addrs port ssh apply "log"
 }
 
 group "wifi" on $wifi_if {
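Review bot: The reworded comment in group "wired" says the SSH rule logs "all connection attempts", but the rule below it has neither `stateful` nor a TCP flags match, so as written it appears to pass and log every inbound TCP segment to the ssh port, not only connection setup. Wording that matches the rule would be `# Allow SSH on wired interface; matching packets are logged to npflog0`. If only connection setup should be admitted, the form shown in npf.conf(5), `pass stateful in on $wired_if proto tcp flags S/SA to $wired_addrs port ssh apply "log"`, is worth considering. Whether that also reduces logging to one event per connection should be checked against npf's procedure handling before the comment claims it. The "wifi" group that opens on the last line of this hunk continues outside it, so the same question may apply there.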
@@ -39,28 +39,28 @@
 }
 
 group default {
-# Default deny, otherwise last matching rule wins
-block all apply "log"
+    # Default deny, otherwise last matching rule wins
+    block all apply "log"
 
-# Don't block loopback
-pass on lo0 all
+    # Don't block loopback
+    pass on lo0 all
 
-# Allow incoming DHCP server responses
-pass in family inet4 proto udp from any port bootps to any port bootpc
-pass in family inet6 proto udp from any to any port "dhcpv6-client"
+    # Allow incoming DHCP server responses
+    pass in family inet4 proto udp from any port bootps to any port bootpc
+    pass in family inet6 proto udp from any to any port "dhcpv6-client"
 
-# Allow IPv6 ICMP
-pass family inet6 proto ipv6-icmp all
+    # Allow IPv6 ICMP
+    pass family inet6 proto ipv6-icmp all
 
-# Allow incoming IPv4 pings
-pass in family inet4 proto icmp icmp-type echo all
+    # Allow incoming IPv4 pings
+    pass in family inet4 proto icmp icmp-type echo all
 
-# Allow being tracerouted
-pass in proto udp to any port 33434-33600
+    # Allow being tracerouted
+    pass in proto udp to any port 33434-33600
 
-# Allow incoming mDNS traffic from neighbours
-pass in proto udp to any port mdns
+    # Allow incoming mDNS traffic from neighbours
+    pass in proto udp to any port mdns
 
-# Allow all outbound traffic
-pass stateful out all
+    # Allow all outbound traffic
+    pass stateful out all
 }


