tech-net archive


Re: Trying to understand stateful npf



On Sun, 14 Oct 2018, Maxime Villard wrote:
> On 12/10/2018 at 17:10, Stephen Borrill wrote:
>> I'm trying to configure a ruleset to filter traffic bound for the outside
>> world and also allow an incoming port map. The ruleset can be seen below.
>> I would expect that the "pass stateful out" on the internal interface would
>> have allowed the packets back in past the "block in all" from 10.10.0.2
>> when replying. However, it does not.
>
> Your $trusted and $int_xennet0_addrs variables are unused, from here on I
> can't know if you didn't forget entries and other things in your conf.

The configs are autogenerated from a script which deals with many different configurations (and allows switching between ipf and npf). Those unused variables happen not to be used in the example I gave, but as far as I'm aware, declaring unused variables is not a problem, i.e. the example given is complete.

--
Stephen

