Current-Users archive


npf configuration for blacklistd



With all the discussion going on (re removal of pf), I revisited my
attempts to implement blacklistd.  But I'm still having some issues
getting npf configured.

I have two external-facing interfaces, both of which should be handled
identically by blacklistd.  I tried using the npf examples, with an
interface group containing both wm0 and tun0, but npf won't deal with
it - it complains about having multiple members in the $ext_if group.
(See PR kern/51818)

So, I tried creating two groups, one for each interface, but both
having the same blacklistd ruleset.  Now npf complains "some table
has a duplicate entry" and still doesn't start.

So, any suggestions on how to make this work?

(FWIW, I have no real opinion on the greater question(s) regarding the
possible demise of pf and/or ipf.)

+--------------------+--------------------------+-----------------------+
| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 | paul%whooppee.com@localhost     |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette%netbsd.org@localhost   |
+--------------------+--------------------------+-----------------------+

