NetBSD-Users archive


Re: NPF syntax



On Mon, Mar 16, 2015 at 6:52 AM, D'Arcy J.M. Cain <darcy%netbsd.org@localhost> wrote:
I have decided to give up on pf after banging my head against the wall
(and the OBSD mailing list) and try npf but I can't figure out the
syntax.  I followed the example at http://www.netbsd.org/~rmind/npf/
but I keep getting errors when I validate.  I reduced npf.conf to the
following two lines:

table <friends> type tree file "/VEX/general/pf/friends.list"
table <enemies> type tree file "/VEX/general/pf/enemies.list"

This gives me this error:

# npfctl validate
npfctl: table '0' is already defined

If I remove one line I get this:

# npfctl validate
table <0> type tree

If I put the full file and comment out the table lines I get this:

# npfctl validate
/etc/npf.conf:11:3: syntax error near 'alg'

I am using the example config almost verbatim except for the table
names and file paths.

What am I missing here?

No help unfortunately, I'm just here to say I'm having similar issues. I've seen the npfctl error as well.

I had some other problems so I decided to see if I could start by blocking all traffic. I'm trying to get a very simple rule to work:

block in final from 0.0.0.0/0

And it doesn't. Obviously I'm missing something very fundamental and I haven't found it in the documentation yet. Maybe I have to use a table?

Frustrating.

Andy

