Re: npf questions/experience migrating from ipf on NetBSD8

To: "Robert Swindells" <rjs%fdy2.co.uk@localhost>
Subject: Re: npf questions/experience migrating from ipf on NetBSD8
From: yancm%sdf.org@localhost
Date: Mon, 4 Jan 2021 01:29:52 -0000

> Ok, what about the rest of the file, you didn't show any rule groups.

I tried the example pretty much as-is, eventually tried this for
debugging, which should be about as promiscuous and
unfiltered as possible:

$ext_if = "wm0"
$ext_v4 = inet4(wm0)

$int_if = "bge0"
$int_v4 = inet4(bge0)

$localnet0 = { 192.168.1.0/24 }

map $ext_if dynamic $localnet0 -> $ext_v4

procedure "log" {
        log: npflog0
}

group "external" on $ext_if {
        pass stateful all apply "log"
}

group "internal" on $int_if {
        pass stateful all apply "log"
}

group default {
        pass final on lo0 all
        block all
}

From watching the log, and peer behavior, no packets
are getting mapped.

References:
- Re: npf questions/experience migrating from ipf on NetBSD8
  - From: Robert Swindells

Prev by Date: Re: npf questions/experience migrating from ipf on NetBSD8
Next by Date: Can WM_EVENT_COUNTERS be enabled default?
Previous by Thread: Re: npf questions/experience migrating from ipf on NetBSD8
Next by Thread: IPfilter problems known for NetBSD-9ish?
Indexes:

Home | Main Index | Thread Index | Old Index