NetBSD-Users archive


Re: NPF does not recognize npflog0



On Fri, Nov 2, 2012 at 11:55 AM, Pongthep Kulkrisada
<ptkrisada%gmail.com@localhost> wrote:
> * Tomas Bodzar (tomas.bodzar%gmail.com@localhost) wrote:
>> Maybe you want to read this
>> http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20121017_2254.html
>> The word final means final, so that any other rules for such traffic are
>> not consulted.
> I had read it many times since the beginning of my attempt.
>
>> > I think it still has a few bugs.
>> >
>> > pass stateful out final family inet proto tcp flags S/SA from $ext_if apply "norm"
>> > pass out final family inet proto tcp from $ext_if apply "norm"
>> > pass stateful out final family inet from $ext_if apply "norm"
>> >
>> > These lines are placed at the bottom of the interface group. (last rule wins)
>> > But it doesn't work as expected.
>> > I did not ``block'' anything except for the default group.
>> > It still blocks all initiated outbound traffic.
>> > The previous ``pass in'' in the same interface group works pretty fine.
>> > At least httpd and sshd can be accessed from the other machines.
>> > Maybe I'm wrong somewhere. I'm checking.
> I tried commenting out all the lines in the group except these three lines.
> It still blocks all outbound traffic.
> I also tried removing ``final'' from these lines.
> It doesn't help.
> Even if I ``pass'' everything in the group (default),
> (That is, no ``block'' remained in my /etc/npf.conf.)
> it still blocks all outbound traffic.
>
> I think the filtering rules are not the cause; it should be something else.

You think, but you did not paste the complete npf.conf yet, so it's hard to help ;-)

>
> Thanks,
> --
> Pongthep Kulkrisada
>
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie
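
The evaluation order discussed in this thread (the last matching rule wins, unless a matching rule is marked final), shown as an added example that is not part of the original messages: a simplified Python model, not NPF's own code. The address, the `decide` helper and the "block" fallback standing in for the default group are assumptions; state tracking and `apply "norm"` are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    direction: str               # "in" or "out"
    final: bool = False
    proto: Optional[str] = None  # None matches any protocol
    syn_only: bool = False       # models "flags S/SA": SYN set, ACK clear
    src: Optional[str] = None    # None matches any source address

@dataclass
class Packet:
    direction: str
    proto: str
    src: str
    syn: bool = False
    ack: bool = False

def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.proto in (None, pkt.proto)
            and rule.src in (None, pkt.src)
            and (not rule.syn_only or (pkt.syn and not pkt.ack)))

def decide(rules, pkt, fallback="block"):
    """Return (verdict, index of the deciding rule or None).
    fallback is an assumption standing in for the default group."""
    verdict, index = fallback, None
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict, index = rule.action, i
            if rule.final:       # "final": later rules are not consulted
                break
    return verdict, index

EXT_IF = "192.0.2.10"  # constructed address standing in for $ext_if
THREAD_RULES = [       # the three rules quoted in the thread
    Rule("pass", "out", final=True, proto="tcp", syn_only=True, src=EXT_IF),
    Rule("pass", "out", final=True, proto="tcp", src=EXT_IF),
    Rule("pass", "out", final=True, src=EXT_IF),
]

if __name__ == "__main__":
    syn = Packet("out", "tcp", EXT_IF, syn=True)
    print(decide(THREAD_RULES, syn))
    print(decide([Rule("pass", "out", final=True), Rule("block", "out")], syn))
    print(decide([Rule("pass", "out"), Rule("block", "out")], syn))
```

In this model every outbound packet sourced from the interface address matches one of the three quoted rules, so the fallback verdict is never reached for that traffic.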

