Re: NPF does not recognize npflog0

[Pongthep Kulkrisada <ptkrisada%gmail.com@localhost>]

* Darrel (levitch%iglou.com@localhost) wrote:
> It is beyond my scope, Pongthep.  :(
> 
> Years ago when I used Packet Filter on NetBSD it required lkm, but I 
> really do not recall much about it.
> 
> With so many problems on that particular machine, I would consider 
> installing anew at this point.
I now have NPF up and running on 6.0_STABLE (i386),
In my test, it has not recognized npflog0 and icmp6-type.
(/etc/rc.d/npflog* script is not there anyway.)
Commenting out these lines, it now WORKS.
I think it still has a few bugs.

pass stateful out final family inet proto tcp flags S/SA from $ext_if apply 
"norm"
pass out final family inet proto tcp from $ext_if apply "norm"
pass stateful out final family inet from $ext_if apply "norm"

These lines are placed at the bottom of the interface group. (last rule wins)
But it doesn't work as expect.
I did not ``block'' anything except for default group.
It still blocks all initiated outbound traffics.
The previous ``pass in'' in the same interface group work pretty fine.
At least httpd and sshd can be accessed from the other machines.
Maybe I'm wrong somewhere. I'm checking.

Thanks,
-- 
Pongthep Kulkrisada
 
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie