NetBSD-Users archive


Re: NPF does not recognize npflog0

On Fri, Nov 2, 2012 at 6:33 AM, Pongthep Kulkrisada wrote:
> * Darrel wrote:
>> It is beyond my scope, Pongthep.  :(
>> Years ago when I used Packet Filter on NetBSD it required lkm, but I
>> really do not recall much about it.
>> With so many problems on that particular machine, I would consider
>> installing anew at this point.
> I now have NPF up and running on 6.0_STABLE (i386).
> In my test, it has not recognized npflog0 and icmp6-type.
> (/etc/rc.d/npflog* script is not there anyway.)
> Commenting out these lines, it now WORKS.
> I think it still has a few bugs.
> pass stateful out final family inet proto tcp flags S/SA from $ext_if apply "norm"
> pass out final family inet proto tcp from $ext_if apply "norm"
> pass stateful out final family inet from $ext_if apply "norm"
> These lines are placed at the bottom of the interface group. (last rule wins)

Maybe you want to read this
The word final means final, so that any other rules for such traffic are
not consulted.

> But it doesn't work as expected.
> I did not ``block'' anything except for default group.
> It still blocks all initiated outbound traffic.
> The previous ``pass in'' in the same interface group works pretty fine.
> At least httpd and sshd can be accessed from the other machines.
> Maybe I'm wrong somewhere. I'm checking.
> Thanks,
> --
> Pongthep Kulkrisada
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie
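
An added example, not part of the original messages and not NPF code: a simplified Python model of the evaluation order discussed in this thread, where the last matching rule wins unless a matching rule is marked final. Rule, evaluate, without_final and the sample packets are constructed for illustration; only direction, protocol and the S/SA flag test are modelled.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    proto: Optional[str] = None  # None matches any protocol
    syn_only: bool = False       # models "flags S/SA"
    final: bool = False          # models the "final" keyword

    def matches(self, pkt: dict) -> bool:
        if self.direction != pkt["dir"]:
            return False
        if self.proto is not None and self.proto != pkt["proto"]:
            return False
        if self.syn_only:
            # S/SA: of the SYN and ACK bits, only SYN is set
            flags = pkt.get("flags", set())
            return "S" in flags and "A" not in flags
        return True

def evaluate(rules, pkt):
    """Index of the rule that decides pkt, or None if no rule matches."""
    decided = None
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            decided = i          # a later match overrides an earlier one
            if rule.final:
                break            # "final": later rules are not consulted
    return decided

def without_final(rules):
    """Same rules with "final" removed, to compare the two behaviours."""
    return [replace(r, final=False) for r in rules]

# Constructed model of the three "pass ... out final" rules quoted above
THREAD_RULES = [
    Rule("pass", "out", proto="tcp", syn_only=True, final=True),
    Rule("pass", "out", proto="tcp", final=True),
    Rule("pass", "out", final=True),
]

# Constructed sample packets
SYN = {"dir": "out", "proto": "tcp", "flags": {"S"}}
ACK = {"dir": "out", "proto": "tcp", "flags": {"A"}}
PING = {"dir": "out", "proto": "icmp"}

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN), ("ACK", ACK), ("PING", PING)):
        print(name, evaluate(THREAD_RULES, pkt),
              evaluate(without_final(THREAD_RULES), pkt))
```

With final on every rule, each packet is decided by the first rule it matches, so the position of a rule at the bottom of the group no longer makes it the winner.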
