Current-Users archive


Re: npf



On Mon, 9 Jan 2017, Christos Zoulas wrote:

> In article <Pine.NEB.4.64.1701091137250.18648%speedy.whooppee.com@localhost>,
> Paul Goyette  <paul%whooppee.com@localhost> wrote:
>> Following the example /usr/share/examples/blacklistd/npf.conf I created
>> the following:
>>
>> 	# Transparent firewall example for blacklistd
>>
>> 	$ext_if = { wm0, tun0 }
>>
>> 	set bpf.jit on;
>> 	alg "icmp"
>>
>> 	group "external" on $ext_if {
>> 	        ruleset "blacklistd"
>> 	        pass final all
>> 	}
>>
>> 	group default {
>> 	        pass final all
>> 	}
>>
>> After enabling npf, I see filter rules only on wm0, nothing for the
>> tunnel:
>>
>> 	{150} /etc/rc.d/npf restart
>> 	Disabling NPF.
>> 	Enabling NPF.
>> 	{151}  npfctl show
>> 	# filtering:    active
>> 	# config:       loaded
>>
>> 	group "external" on wm0
>> 	        ruleset "blacklistd" all
>> 	        pass final all
>>
>> 	group
>> 	        pass final all
>>
>> 	{152}
>>
>> Am I missing something?
>
> Nope, looks like a bug.

Do I need to file a PR for this?



+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+
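
The mismatch reported in this thread can be checked mechanically. The following is an added example, not part of the original messages or of NPF: it compares the interfaces listed in an npf.conf variable with the `group ... on <if>` lines that `npfctl show` prints and reports any interface left without a group. The function names are hypothetical, the sample text is constructed from the configuration and output quoted above, and the parsing assumes the `npfctl show` layout shown in the thread.

```shell
#!/bin/sh
# Added example: report interfaces named in an npf.conf variable that have no
# "group ... on <if>" line in `npfctl show` output.

# Constructed sample input, taken from the configuration and output in the thread.
SAMPLE_CONF='$ext_if = { wm0, tun0 }
group "external" on $ext_if {
        ruleset "blacklistd"
        pass final all
}'
SAMPLE_SHOW='group "external" on wm0
        ruleset "blacklistd" all
        pass final all

group
        pass final all'

# conf_ifaces VAR CONF: members of "$VAR = { a, b }", one per line.
conf_ifaces() {
    printf '%s\n' "$2" | awk -v var="\$$1" '
        index($0, "=") {
            gsub(/[={},]/, " ")          # drop punctuation; awk re-splits $0
            if ($1 == var) for (i = 2; i <= NF; i++) print $i
        }'
}

# show_ifaces SHOW: interface following "on" in each group line.
show_ifaces() {
    printf '%s\n' "$1" | awk '
        $1 == "group" { for (i = 2; i < NF; i++) if ($i == "on") print $(i + 1) }'
}

# missing_ifaces VAR CONF SHOW: configured interfaces absent from the loaded rules.
missing_ifaces() {
    loaded=$(show_ifaces "$3")
    for ifc in $(conf_ifaces "$1" "$2"); do
        printf '%s\n' "$loaded" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# On a live system (as root):
#   missing_ifaces ext_if "$(cat /etc/npf.conf)" "$(npfctl show)"
missing=$(missing_ifaces ext_if "$SAMPLE_CONF" "$SAMPLE_SHOW")
[ -z "$missing" ] || echo "configured but not in loaded ruleset: $missing"
```
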

