Source-Changes-HG archive


[src/trunk]: src/usr.sbin/npf/npfctl npf.conf(5): Add more info about ifaddrs().



details:   https://anonhg.NetBSD.org/src/rev/908b612e530e
branches:  trunk
changeset: 455623:908b612e530e
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sun Apr 07 22:23:40 2019 +0000

description:
npf.conf(5): Add more info about ifaddrs().

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5 |  22 +++++++++++++++-------
 1 files changed, 15 insertions(+), 7 deletions(-)

diffs (70 lines):

diff -r ad07b001375d -r 908b612e530e usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Sun Apr 07 21:01:43 2019 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Sun Apr 07 22:23:40 2019 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.84 2019/01/19 21:19:32 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.85 2019/04/07 22:23:40 rmind Exp $
 .\"
 .\" Copyright (c) 2009-2018 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 14, 2019
+.Dd February 2, 2019
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
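Review bot: The new .Dd value, "February 2, 2019", predates this revision, which the file header and the $NetBSD$ line both date 2019/04/07. If .Dd is meant to track the last content change, set it to April 7, 2019 so readers can tell the ifaddrs() text is current.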
@@ -148,12 +148,16 @@
 .Cm family
 keyword of a filtering rule can be used in combination to explicitly select
 an IP address type.
+This function can also be used with
+.Cm map
+to specify the translation address, see below.
 .El
 .Pp
 Example of configuration:
 .Bd -literal -offset indent
 $var1 = inet4(wm0)
 $var2 = ifaddrs(wm0)
+
 group default {
        block in on wm0 all               # rule 1
        block in on $var1 all             # rule 2
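Review bot: The sentence added before .El says "This function" without naming it, and "see below" has no target. Name ifaddrs() explicitly and refer to the map description by its section name, so the sentence still reads correctly if the list items are reordered.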
@@ -350,6 +354,11 @@
 .Pp
 .Dl map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022
 .Pp
+The translation address can also by dynamic, based on the interface.
+The following would select IPv4 address currently assigned to the interface:
+.Pp
+.Dl map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if)
+.Pp
 If the dynamic NAT is configured with multiple translation addresses,
 then a custom selection algorithm can be chosen using the
 .Cm algo
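Review bot: Typo in the first added line: "can also by dynamic" should be "can also be dynamic". The next line also needs an article ("the IPv4 address"), and it should say why IPv4 is chosen. The example comment later in this change speaks of "address(es)", so it is unclear whether the family follows from ifaddrs() itself or from the 10.1.1.0/24 source.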
@@ -587,10 +596,9 @@
 
 alg "icmp"
 
-# Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
-# then the translation address has to be specified explicitly.
-map $ext_if dynamic 10.1.1.0/24 -> $ext_if
-map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022
+# These NAT rules will dynamically select the interface address(es).
+map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if)
+map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- ifaddrs($ext_if) port 9022
 
 procedure "log" {
        # The logging facility can be used together with npfd(8).
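Review bot: The removed comment warned that when $ext_if has multiple addresses (e.g. IPv6 as well) the translation address has to be specified explicitly. The replacement only says the rules "dynamically select the interface address(es)" and does not cover that case. This determines which address outbound traffic is translated to and which address the port 9022 redirect matches, so keep a line stating what ifaddrs($ext_if) does on an interface that carries both IPv4 and IPv6 addresses.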
@@ -635,7 +643,7 @@
 .Xr npfctl 8 ,
 .Xr npfd 8
 .Pp
-.Lk http://www.netbsd.org/~rmind/npf/ "NPF documentation website"
+.Lk http://rmind.github.io/npf/ "NPF documentation website"
 .Sh HISTORY
 NPF first appeared in
 .Nx 6.0 .
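Review bot: The replacement .Lk target is still plain http://. If the new host serves the page over HTTPS, use https://rmind.github.io/npf/ so the firewall documentation link is not followed over an unauthenticated channel.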


