Using NPF

To: Netbsd-Users-List <netbsd-users%netbsd.org@localhost>
Subject: Using NPF
From: Todd Gruhn <tgruhn2%gmail.com@localhost>
Date: Sun, 14 Jul 2024 18:55:01 +0000

I still cant get  NPF to start from rc.conf ...

When I start from command-line I get this:


 /etc/rc.d/npf onestart
/etc/rc.d/npf onestart
ifconfig: clone_command: File exists
ifconfig: exec_matches: File exists
ifconfig: clone_command: File exists
ifconfig: exec_matches: File exists
Enabling NPF /etc/npf.conf

I want simple connect internet via CAT5.
Here is my npf.conf:


alg "icmp"

$cat5 = "wm0"


procedure "log"{
    # Send log events to npflog0, see npfd(8)
    log: npflog0
 }

group default{
    # Default deny, otherwise last matching rule wins
    block all apply "log"

    # Don't block loopback
    pass on lo0 all

    # Allow incoming DHCP server responses
    pass in family inet4 proto udp from any port bootps to any port bootpc
    pass in family inet6 proto udp from any to any port "dhcpv6-client"

    # Allow IPv6 ICMP
    pass family inet6 proto ipv6-icmp all

    # Allow incoming IPv4 pings
    pass in family inet4 proto icmp icmp-type echo all

    # Allow being tracerouted
    pass in proto udp to any port 33434-33600

    # Allow incoming mDNS traffic from neighbours
    pass in proto udp to any port mdns

    # Allow all outbound traffic
    pass stateful out all

 }

Prev by Date: Re: I cannot make i2c work in raspberry pi Zero W
Next by Date: Strange FreeBSD lock (related to iSCSI initiator connected to NetBSD istgt ?)
Previous by Thread: NetBSD-SA2024-002 OpenSSH CVE-2024-6387 `regreSSHion'
Next by Thread: Strange FreeBSD lock (related to iSCSI initiator connected to NetBSD istgt ?)
Indexes:

Home | Main Index | Thread Index | Old Index