Re: NPF and PF

[Robert Swindells <rjs%fdy2.co.uk@localhost>]

Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
>On Wed, Dec 16, 2020 at 05:45:36PM +0000, Robert Swindells wrote:
>> 
>> Manuel Bouyer <bouyer%antioche.eu.org@localhost> wrote:
>> >On Wed, Dec 16, 2020 at 04:07:54PM +0100, Hauke Fath wrote:
>> >> [...]
>> >> IMHO, the NetBSD packet filter supports SOHO installations at best; 
>> >> anything else is misleading.
>> >
>> >Even at home, I stay with ipf for multihomed routers.
>> >npf just lacks the features I use (as I already explained several times).
>> 
>> Prompted by today's thread I looked back at recent firewall discussions.
>> 
>> I don't see enough of a description of what you want to do to be able
>> to work on fixing your problem.
>
>My first mail on this topic was 26 Oct 2012 on tech-net@
>I then did send a more complete example 21 Aug 2018, as a followup to a
>mail from you on developers@ (you were in Cc).
>I dind't get any follow up.

By "what you want to do" I guess I'm really looking for an even higher
level description of where you want firewall operations to get done.

Are you trying to isolate Xen VMs from each other or just protect them
from the outside ?

You write that you have BRIDGE_IPF enabled, presumably you add some
interfaces to a bridge, knowing which ones would be a help in
understanding your configuration.