Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/share/examples/npf Use a separate variable for IPv6.



details:   https://anonhg.NetBSD.org/src/rev/f1d10a35820b
branches:  trunk
changeset: 450351:f1d10a35820b
user:      sevan <sevan%NetBSD.org@localhost>
date:      Wed Apr 10 23:13:02 2019 +0000

description:
Use a separate variable for IPv6.
Found with npfctl validate.

diffstat:

 share/examples/npf/soho_gw-npf.conf |  9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diffs (35 lines):

diff -r 07085dce5a65 -r f1d10a35820b share/examples/npf/soho_gw-npf.conf
--- a/share/examples/npf/soho_gw-npf.conf       Wed Apr 10 23:00:43 2019 +0000
+++ b/share/examples/npf/soho_gw-npf.conf       Wed Apr 10 23:13:02 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.8 2019/04/10 23:00:43 sevan Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.9 2019/04/10 23:13:02 sevan Exp $
 #
 # SOHO border
 #
@@ -8,7 +8,8 @@
 
 $ext_if = "wm0"
 $ext_v4 = inet4(wm0)
-$ext_addrs = { inet4(wm0), inet6(wm0) }
+$ext_addrs = inet4(wm0)
+$ext_addrs6 = inet6(wm0)
 
 $int_if = "wm1"
 
@@ -42,11 +43,15 @@
                apply "log"
        pass stateful in final proto tcp to $ext_addrs port $services_tcp
        pass stateful in final proto udp to $ext_addrs port $services_udp
+       pass stateful in final family inet6 proto tcp to $ext_addrs6 port $services_tcp
+       pass stateful in final family inet6 proto udp to $ext_addrs6 port $services_udp
 
        # Passive FTP
        pass stateful in final proto tcp to $ext_addrs port 49151-65535
+       pass stateful in final family inet6 proto tcp to $ext_addrs port 49151-65535
        # Traceroute
        pass stateful in final proto udp to $ext_addrs port 33434-33600
+       pass stateful in final family inet6 proto udp to $ext_addrs port 33434-33600
 }
 
 group "internal" on $int_if {



Home | Main Index | Thread Index | Old Index