tech-net archive
Re: Ftp-proxy in NPF
On Thu, Jan 09, 2025 at 09:28:17AM +0000, Emmanuel Nyarko wrote:
> Got a note from one of the netbsd users/devs in an old mail thread.
>
> Just looked at the ftp-proxy code. And
>
> ftp-proxy (initializes pf and starts the daemon.)
> ftp-proxy -N (initializes npf and starts the daemon) (not updated in
> manual yet)
If that's the case, then that should be documented immediately, and the
documentation update should be pulled up into all releases that support
this feature.
I really didn't know about this until just now because I didn't find it
anywhere in the docs when I looked for it, and I didn't bother looking
at the code.
> Since we want to use npf as our primary packet filter,
>
> I want to reverse it.
>
> ftp-proxy (initialize npf and starts daemon.)
> ftp-proxy -pf (initializes pf and starts daemon).
I have no strong opinion on that. But another sensible way to handle
this is to insist that either -N or -pf (or --pf, or -f) is specified,
at least until pf goes away completely. That way, it breaks immediately
if the user doesn't adapt to the change rather than doing something
unexpected.
> And then include a small npf grammar in npf.conf to use ftp-proxy.
>
> Ftp-proxy code lives in dist/pf/usr.sbin, so it is tightly coupled with pf.
> Want to relocate to ./usr.sbin/
Seems like a sensible idea.
Hans
--
%SYSTEM-F-ANARCHISM, The operating system has been overthrown