[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: NPF does not recognize npflog0
* Tomas Bodzar (tomas.bodzar%gmail.com@localhost) wrote:
> You think, but you did not past complete npf.conf yet so it's hard to help ;-)
I keep editing /etc/npf.conf time to time. There are so many versions.
But finally I fixed it! :-)
Just change procedure "norm" from
normalise: "random-id", "min-ttl" 512, "max-mss" 1432
Now it allows inbound and outbound traffic up to filtering rules.
But one question remains pertaining to ping.
pass final on $ext_if family inet proto icmp icmp-type echo code 0 all
With the rule above, I cannot ping anywhere.
In order to ping, I must put this line instead.
pass final on $ext_if family inet proto icmp all
I am also using PF as it previously was the only packet filter for me on NBSD.
With PF-equivalence to the former, the machine is pingable both directions
(to and from the machine).
Why is it different from NPF?
Thank you very much.
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie
Main Index |
Thread Index |