NetBSD-Users archive


Re: NPF does not recognize npflog0



On Fri, Nov 2, 2012 at 3:46 PM, Pongthep Kulkrisada 
<ptkrisada%gmail.com@localhost> wrote:
> * Tomas Bodzar (tomas.bodzar%gmail.com@localhost) wrote:
>> You think, but you did not paste complete npf.conf yet so it's hard to help ;-)
> I keep editing /etc/npf.conf from time to time. There are so many versions.
> But finally I fixed it! :-)
> Just change procedure "norm" from
>         normalise: "random-id", "min-ttl" 512, "max-mss" 1432
> to
>         normalise: "random-id"
> Now it allows inbound and outbound traffic up to filtering rules.
>
> But one question remains pertaining to ping.
>         pass final on $ext_if family inet proto icmp icmp-type echo code 0 all
> With the rule above, I cannot ping anywhere.
> In order to ping, I must put this line instead.
>         pass final on $ext_if family inet proto icmp all

What is code 0 here?
E.g. on pf: http://home.nuug.no/~peter/pf/eurobsdcon2012/letpingthru.html

>
> I am also using PF as it previously was the only packet filter for me on NBSD.
> With PF-equivalence to the former, the machine is pingable both directions
> (to and from the machine).
> Why is it different from NPF?
>
> Thank you very much.
> --
> Pongthep Kulkrisada
>
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie
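
An added example, not part of the original message and not NPF code: a small model of a default-block filter evaluating the two quoted rules against one ping exchange, with and without state tracking. It assumes `echo` denotes ICMP type 8 (echo request), that the answer is type 0 (echo reply, RFC 792), and that a rule is evaluated without state unless `stateful=True`; all names in it are hypothetical.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8   # RFC 792 type numbers

def icmp_echo(icmp_type, ident, seq, code=0):
    # Constructed 8-byte ICMP echo header; checksum left at 0 because the
    # model below only inspects type, code and identifier.
    return struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)

# The two rules quoted in the message, reduced to their ICMP criteria.
NARROW = {"type": ICMP_ECHO_REQUEST, "code": 0}   # icmp-type echo code 0
BROAD = {}                                        # proto icmp all

def rule_matches(rule, pkt):
    icmp_type, code = struct.unpack("!BB", pkt[:2])
    return (rule.get("type") in (None, icmp_type)
            and rule.get("code") in (None, code))

def filter_exchange(rule, exchange, stateful=False):
    """Verdict per packet for one pass rule over a default-block policy."""
    states = set()          # (identifier, direction the reply must arrive from)
    verdicts = []
    for direction, pkt in exchange:
        icmp_type, _code, _csum, ident, _seq = struct.unpack("!BBHHH", pkt[:8])
        if stateful and icmp_type == ICMP_ECHO_REPLY and (ident, direction) in states:
            verdicts.append("pass")      # reply belongs to a tracked request
        elif rule_matches(rule, pkt):
            if stateful and icmp_type == ICMP_ECHO_REQUEST:
                reverse = "in" if direction == "out" else "out"
                states.add((ident, reverse))
            verdicts.append("pass")
        else:
            verdicts.append("block")
    return verdicts

# Constructed sample: one outbound ping and its answer.
PING = [("out", icmp_echo(ICMP_ECHO_REQUEST, ident=0x1234, seq=1)),
        ("in", icmp_echo(ICMP_ECHO_REPLY, ident=0x1234, seq=1))]

if __name__ == "__main__":
    for name, rule, st in (("narrow", NARROW, False), ("broad", BROAD, False),
                           ("narrow+state", NARROW, True)):
        print(name, filter_exchange(rule, PING, stateful=st))
```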

