[src/trunk]: src/usr.sbin/npf/npfctl Clarify the "Groups" section.

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/usr.sbin/npf/npfctl Clarify the "Groups" section.
From: maxv <maxv%NetBSD.org@localhost>
Date: Tue, 04 Sep 2018 18:13:05 +0000

details:   https://anonhg.NetBSD.org/src/rev/8a9efd434a6a
branches:  trunk
changeset: 366513:8a9efd434a6a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Aug 31 10:52:30 2018 +0000

description:
Clarify the "Groups" section.

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5 |  24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)

diffs (50 lines):

diff -r ccc65c78eefc -r 8a9efd434a6a usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Fri Aug 31 10:38:17 2018 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Fri Aug 31 10:52:30 2018 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.66 2018/08/27 13:20:47 wiz Exp $
+.\"    $NetBSD: npf.conf.5,v 1.67 2018/08/31 10:52:30 maxv Exp $
 .\"
 .\" Copyright (c) 2009-2017 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd August 27, 2018
+.Dd August 31, 2018
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -132,17 +132,25 @@
 .Cd family
 keyword can be used in combination of a filtering rule to be explicit.
 .Ss Groups
+NPF requires that all rules be defined within groups.
+Groups can be thought of as higher level rules which can contain subrules.
 Groups may have the following options: name, interface, and direction.
-They are defined in the following form:
+Packets matching group criteria are passed to the ruleset of that group.
+If a packet does not match any group, it is passed to the
+.Cd default group .
+The
+.Cd default group
+must always be defined.
+.Pp
+Example of configuration:
 .Bd -literal
 group "my-name" in on wm0 {
-       # List of rules
+       # List of rules, for packets received on wm0
+}
+group default {
+       # List of rules, for the other packets
 }
 .Ed
-A minimal
-.Nm
-must contain a mandatory
-.Cd default group .
 .Ss Rules
 With a rule statement NPF is instructed to
 .Cd pass

Prev by Date: [src/trunk]: src/usr.sbin/npf/npfctl "interface" already contains "var-name", ...
Next by Date: [src/trunk]: src/usr.sbin/npf/npfctl rename net-seg -> map-seg, and document it
Previous by Thread: [src/trunk]: src/usr.sbin/npf/npfctl "interface" already contains "var-name", ...
Next by Thread: [src/trunk]: src/usr.sbin/npf/npfctl rename net-seg -> map-seg, and document it
Indexes:

Home | Main Index | Thread Index | Old Index