Understanding groups in npf

To: netbsd-users%netbsd.org@localhost
Subject: Understanding groups in npf
From: tpDev Tester <tpdev.tester%gmail.com@localhost>
Date: Fri, 29 Nov 2024 15:58:44 +0100

Hi,

I started to work with npf and want to learn how it works. I read npf.conf(5) and http://rmind.github.io/npf/ but currently I'm still struggling with the groups.

npf.conf(5): "NPF requires that all rules be defined within groups. Groups can be thought of as higher level rules which can contain subrules. Groups may have the following options: name, interface, and direction. Packets matching group criteria are passed to the ruleset of that group. If a packet does not match any group, it is passed to the default group. The default group must always be defined."

"... Groups can be thought of as higher level rules which can contain subrules ..."

Does that also mean, groups can have sub-groups like:
group "" in {
  ...
  group "" in on wm0{
    ...
  }
}?


"... Packets matching group criteria are passed to the ruleset of that group. ..."

group "" in {
  ...
}

group "" in om wm0{
  ...
}

Are incoming packets on wm0 passed to the rulesets of both groups (assume no final keyword) or first-match-wins or specific-prior-general or ...


"... Groups may have the following options: name, ..."

What is the intended use of the group names? When do I use/need them?


Kind regards
Thomas

Prev by Date: Xresoureces
Next by Date: Re: Xresoureces
Previous by Thread: Xresoureces
Next by Thread: Anyone on Reddit?
Indexes:

Home | Main Index | Thread Index | Old Index