Re: NPF does not recognize npflog0
On Fri, Nov 2, 2012 at 3:46 PM, Pongthep Kulkrisada
> * Tomas Bodzar (tomas.bodzar%gmail.com@localhost) wrote:
>> You think, but you did not paste complete npf.conf yet so it's hard to help
> I keep editing /etc/npf.conf from time to time. There are so many versions.
> But finally I fixed it! :-)
> Just change procedure "norm" from
> normalise: "random-id", "min-ttl" 512, "max-mss" 1432
> to
> normalise: "random-id"
> Now it allows inbound and outbound traffic up to filtering rules.
> But one question remains pertaining to ping.
> pass final on $ext_if family inet proto icmp icmp-type echo code 0 all
> With the rule above, I cannot ping anywhere.
> In order to ping, I must put this line instead.
> pass final on $ext_if family inet proto icmp all
What is code 0 here?
E.g. on pf http://home.nuug.no/~peter/pf/eurobsdcon2012/letpingthru.html
> I am also using PF as it previously was the only packet filter for me on NBSD.
> With PF-equivalence to the former, the machine is pingable both directions
> (to and from the machine).
> Why is it different from NPF?
> Thank you very much.
> Pongthep Kulkrisada
> "UNIX is basically a simple operating system,
> but you have to be a genius to understand the simplicity."
> -- Dennis M. Ritchie