[src/trunk]: src/share/examples/npf Drop the final keyword to use the default...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/share/examples/npf Drop the final keyword to use the default...
From: sevan <sevan%NetBSD.org@localhost>
Date: Sat, 19 Oct 2019 21:09:40 +0000

details:   https://anonhg.NetBSD.org/src/rev/11e277ce7fc3
branches:  trunk
changeset: 459695:11e277ce7fc3
user:      sevan <sevan%NetBSD.org@localhost>
date:      Sat Sep 21 20:31:31 2019 +0000

description:
Drop the final keyword to use the default policy of last matching rule wins

diffstat:

 share/examples/npf/soho_gw-npf.conf |  22 +++++++++++-----------
 1 files changed, 11 insertions(+), 11 deletions(-)

diffs (47 lines):

diff -r 586f83d9c884 -r 11e277ce7fc3 share/examples/npf/soho_gw-npf.conf
--- a/share/examples/npf/soho_gw-npf.conf       Sat Sep 21 19:48:15 2019 +0000
+++ b/share/examples/npf/soho_gw-npf.conf       Sat Sep 21 20:31:31 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.12 2019/04/11 10:17:21 sevan Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.13 2019/09/21 20:31:31 sevan Exp $
 #
 # SOHO border
 #
@@ -35,27 +35,27 @@
 }
 
 group "external" on $ext_if {
-       pass stateful out final all
+       pass stateful out all
 
-       block in final from <block>
-       pass stateful in final family inet4 proto tcp to $ext_v4 port ssh \
+       block in from <block>
+       pass stateful in family inet4 proto tcp to $ext_v4 port ssh \
                apply "log"
-       pass stateful in final proto tcp to $ext_addrs port $services_tcp
-       pass stateful in final proto udp to $ext_addrs port $services_udp
+       pass stateful in proto tcp to $ext_addrs port $services_tcp
+       pass stateful in proto udp to $ext_addrs port $services_udp
 
        # Passive FTP
-       pass stateful in final proto tcp to $ext_addrs port 49151-65535
+       pass stateful in proto tcp to $ext_addrs port 49151-65535
        # Traceroute
-       pass stateful in final proto udp to $ext_addrs port 33434-33600
+       pass stateful in proto udp to $ext_addrs port 33434-33600
 }
 
 group "internal" on $int_if {
        block in all
-       pass in final from <int-block>
-       pass out final all
+       pass in from <int-block>
+       pass out all
 }
 
 group default {
-       pass final on lo0 all
+       pass on lo0 all
        block all
 }

Prev by Date: [src/trunk]: src/dist/pf/usr.sbin/ftp-proxy grammar
Next by Date: [src/trunk]: src/share/examples/npf default policy is to blockall
Previous by Thread: [src/trunk]: src/dist/pf/usr.sbin/ftp-proxy grammar
Next by Thread: [src/trunk]: src/share/examples/npf default policy is to blockall
Indexes:

Home | Main Index | Thread Index | Old Index