NetBSD-Users archive


Re: pf and rpi

> Seriously, why aren't you using NPF? NPF is the packet filter that is actually
> being developed on and for NetBSD.

I'm not familiar with it.
On FreeBSD I use ipfw, with rules where the first one wins.
On pf I know that the last one wins. I cannot be so sure
from reading the NPF howto. My bet is that the last wins too.

I did a little investigation and it seems that I could
change from pf to npf. The pf rules:

set skip on lo
block in all
block out all
pass out on usmsc0 proto { tcp, udp, icmp } from any to any modulate state
pass in on usmsc0 proto tcp from any to any port ssh

My version of /etc/npf.conf sounds like this:

group "eth" on usmsc0 {
	block all
	pass stateful out final all
	pass stateful in final proto tcp to usmsc0 port ssh
}
group default {
	pass final on lo0 all
	block all
}

So far, I'm confused about having to drop the secure level to
-1 to load the module for pf or npf. Gonna try that as my very
next step.

Thanks all for help and best regards
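
Added example, not part of the original message: a simplified Python model of rule evaluation applied to the npf.conf ruleset above, assuming the semantics documented in npf.conf(5) (the last matching rule wins unless a matching rule carries `final`). State tracking is not modelled, the fall-through between groups is a simplifying assumption, and the names `Rule`, `evaluate` and `decide` are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                       # "pass" or "block"
    direction: Optional[str] = None   # "in", "out", or None for both
    final: bool = False
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, pkt):
        fields = (("dir", self.direction), ("proto", self.proto),
                  ("dport", self.dport), ("iface", self.iface))
        return all(want is None or pkt[key] == want for key, want in fields)

def evaluate(rules, pkt, honor_final=True):
    """Last matching rule wins; a matching 'final' rule ends the search."""
    verdict = None
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action
            if rule.final and honor_final:
                break
    return verdict

# Ruleset from the message; "stateful" is dropped (state is not modelled).
ETH = [Rule("block"),
       Rule("pass", "out", final=True),
       Rule("pass", "in", final=True, proto="tcp", dport=22)]
DEFAULT = [Rule("pass", final=True, iface="lo0"), Rule("block")]
GROUPS = [("usmsc0", ETH), (None, DEFAULT)]   # None marks the default group

def decide(pkt):
    """Assumption: a group with no matching rule falls through to the next."""
    for iface, rules in GROUPS:
        if iface in (None, pkt["iface"]):
            verdict = evaluate(rules, pkt)
            if verdict is not None:
                return verdict
    return None  # unreachable here: the default group ends in "block all"

if __name__ == "__main__":
    ssh_in = {"iface": "usmsc0", "dir": "in", "proto": "tcp", "dport": 22}
    print("ssh in:", decide(ssh_in))
    # Same rules with "block all" moved last: 'final' is what keeps ssh open.
    reordered = ETH[1:] + ETH[:1]
    print("reordered, final honoured:", evaluate(reordered, ssh_in))
    print("reordered, final ignored:", evaluate(reordered, ssh_in, False))
```

With `block all` placed first in the group, the verdicts are the same whether or not `final` is honoured; the keyword only changes the outcome once a broader rule follows a narrower one.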

