Re: npf issue

To: Paul Goyette <paul%whooppee.com@localhost>
Subject: Re: npf issue
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sun, 11 Jan 2026 10:52:36 -0500

Paul Goyette <paul%whooppee.com@localhost> writes:

> I have 2 "external" interfaces.  When  try to configure blocklistd
> I get a "file exists" error.
>
> Here's the relevant portion of nof.conf
>
> group "bl1" on $ext_if1 {
>         ruleset "blocklistd"
>         pass final all
> }
>
> group "bl2" on $ext_if2 {
>        ruleset "blocklistd"
>        pass final all
> }
>
> Is this supposed to work?

Good question.  The manpage doesn't really address this well enough in
the first place.

I wonder if the ruleset has a pointer to the rule where it is used (in
the code).

I have

group "blocklistd" {
    ruleset "blacklistd"
}

and as I understand it, because the rule does not match if the address
isn't blocked, then evaluation continues.  However, this results in
blocking those on all interfaces, instead of just two.  But I'm ok with
just always blocking.

References:
- npf issue
  - From: Paul Goyette

Prev by Date: npf issue
Previous by Thread: npf issue
Indexes:

Home | Main Index | Thread Index | Old Index