pf -> npf teething pain

To: netbsd-users%NetBSD.org@localhost
Subject: pf -> npf teething pain
From: Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
Date: Wed, 4 Jan 2017 12:47:34 +0100

All,

as one of New Year's projects, I have started to re-write workplace'spf(4) rules to npf(4). And up popped questions about what certainfeatures map to...

o npf.conf(5) has lists (and maps) for addresses. What about lists ofports, interfaces, protocols - both in variable declaration, and inline?

o is it possible to create static maps inline, or do you always have toread the data entries from a file? Are maps limited to addresses, or isthe concept available for e.g. ports?

o we have several rfc1918 networks whose traffic is routed to localpublic IP networks, but nat'ed to the outside world with


nat on $wan_if from $guest_net to !<int_nets> -> $wan_if_ip

How would I express this in npf lingo?

o in the middle of scratching my head about how to express the above!<int_nets> in npf, I saw that '!' negation support has been committedto HEAD. What is the chance (ETA) of this coming to -7?


o what about ftp-proxy(8) support for npf?

Cheerio,
hauke

--
     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-3281

Prev by Date: Re: Serial console setup
Next by Date: -CURRENT cross compilation hangs with fatal error: pass-instances.def: No such file or directory
Previous by Thread: Dual-boot Linux and NetBSD with SYSLINUX
Next by Thread: -CURRENT cross compilation hangs with fatal error: pass-instances.def: No such file or directory
Indexes:

Home | Main Index | Thread Index | Old Index