

[src/trunk]: src/share/examples/npf Fix syntax error in the example, fix one ...



details:   https://anonhg.NetBSD.org/src/rev/22ff0cc7f12e
branches:  trunk
changeset: 783173:22ff0cc7f12e
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sun Dec 09 22:12:26 2012 +0000

description:
Fix a syntax error in the example, fix one rule and G/C (garbage-collect) the "rid" procedure.

diffstat:

 share/examples/npf/host-npf.conf    |  31 ++++++++++++++-----------------
 share/examples/npf/soho_gw-npf.conf |  12 ++++--------
 2 files changed, 18 insertions(+), 25 deletions(-)

diffs (116 lines):

diff -r 05b459550fee -r 22ff0cc7f12e share/examples/npf/host-npf.conf
--- a/share/examples/npf/host-npf.conf  Sun Dec 09 22:06:21 2012 +0000
+++ b/share/examples/npf/host-npf.conf  Sun Dec 09 22:12:26 2012 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.3 2012/12/04 18:48:32 spz Exp $
+# $NetBSD: host-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -6,6 +6,7 @@
 # it does both IPv4 and IPv6 and allows for DHCP in v4 and SLAAC in v6
 # it also does IPSEC on the wifi
 #
+
 $wired_if = "wm0"
 $wired_v4 = { inet4(wm0) }
 $wired_v6 = { inet6(wm0) }
@@ -30,10 +31,6 @@
      log: npflog0
 }
 
-procedure "rid" {
-     normalise: "random-id"
-}
-
 group (name "wired", interface $wired_if) {
 
        # not being picky about our own address here
@@ -64,16 +61,16 @@
 
        # only SYN packets need to generate state
        pass stateful out final family inet6 proto tcp flags S/SA \
-               from $wired_v6 apply "rid" 
+               from $wired_v6
        pass stateful out final family inet  proto tcp flags S/SA \
-               from $wired_v4 apply "rid" 
+               from $wired_v4
        # pass the other tcp packets without generating extra state
-       pass out final family inet6 proto tcp from $wired_v6 apply "rid" 
-       pass out final family inet  proto tcp from $wired_v4 apply "rid" 
+       pass out final family inet6 proto tcp from $wired_v6
+       pass out final family inet  proto tcp from $wired_v4
 
        # all other types of traffic, generate state per packet
-       pass stateful out final family inet6 from $wired_v6 apply "rid" 
-       pass stateful out final family inet  from $wired_v4 apply "rid" 
+       pass stateful out final family inet6 from $wired_v6
+       pass stateful out final family inet  from $wired_v4
 
 }
 
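Review bot: The rewritten rules on lines 59–73 drop `apply "rid"` without leaving any trace of what was lost, so a reader of this example no longer sees that outbound traffic used to go through a `normalise: "random-id"` procedure (presumably randomising the IP identification field). If the procedure was removed because the syntax or feature is not usable in this form rather than because the hardening is unwanted, a comment near the top of the group such as `# NOTE: ID randomisation (normalise: "random-id") is not applied in this example` would preserve the hint for anyone copying the file. The "wired" group begins before this hunk.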
@@ -107,16 +104,16 @@
 
        # only SYN packets need to generate state
         pass stateful out final family inet6 proto tcp flags S/SA \
-               from $wifi_v6 apply "rid" 
+               from $wifi_v6
         pass stateful out final family inet  proto tcp flags S/SA \
-               from $wifi_v4 apply "rid" 
+               from $wifi_v4
        # pass the other tcp packets without generating extra state
-        pass out final family inet6 proto tcp from $wifi_v6 apply "rid" 
-        pass out final family inet  proto tcp from $wifi_v4 apply "rid" 
+        pass out final family inet6 proto tcp from $wifi_v6
+        pass out final family inet  proto tcp from $wifi_v4
 
        # all other types of traffic, generate state per packet
-        pass stateful out final family inet6 from $wifi_v6 apply "rid" 
-        pass stateful out final family inet  from $wifi_v4 apply "rid" 
+        pass stateful out final family inet6 from $wifi_v6
+        pass stateful out final family inet  from $wifi_v4
 }
 
 group (default) {
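Review bot: The new lines 80, 83, 89–90 and 95–96 appear to carry one more column of indentation than the equivalent rules in the wired group (lines 57–73) and than the comment lines 86 and 92 in this same group, so the wifi group ends up indented inconsistently. Since these lines are being rewritten anyway, it would be cheap to align them with the wired group, e.g. `	pass stateful out final family inet6 proto tcp flags S/SA \` with the same leading whitespace as line 57. The "wifi" group begins before this hunk.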
diff -r 05b459550fee -r 22ff0cc7f12e share/examples/npf/soho_gw-npf.conf
--- a/share/examples/npf/soho_gw-npf.conf       Sun Dec 09 22:06:21 2012 +0000
+++ b/share/examples/npf/soho_gw-npf.conf       Sun Dec 09 22:12:26 2012 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: soho_gw-npf.conf,v 1.3 2012/12/04 18:48:32 spz Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
 #
 # SOHO border
 #
 # This is a natting border gateway/webserver/mailserver/nameserver
 # IPv4 only
 #
+
 $ext_if = "wm0"
 $ext_v4 = inet4(wm0)
 $ext_addrs = { ifnet(wm0) }
@@ -27,18 +28,14 @@
 
 # NAT traffic arriving on port 9022 of the external interface address
 # to host 198.51.100.2 port 22
-map $ext_if dynamic 198.51.100.2 port 22 <- $ext_v4 9022
+map $ext_if dynamic 198.51.100.2 port 22 <- $ext_v4 port 9022
 
 procedure "log" {
        log: npflog0
 }
 
-procedure "rid" {
-       normalise: "random-id"
-}
-
 group (name "external", interface $ext_if) {
-       pass stateful out final from $ext_addrs apply "rid"
+       pass stateful out final all
 
        block in final from <1>
        pass stateful in final family inet proto tcp to $ext_v4 port ssh \
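Review bot: `pass stateful out final all` on line 133 now admits every outbound packet on the external interface regardless of source address, whereas the old rule was restricted to `$ext_addrs`; if the restriction was dropped because it failed to match NAT-translated or locally originated traffic, the example should say so, since a reader copying it otherwise loses the source check without knowing why. A one-line comment above the rule stating the reason no source restriction is needed would make the intent explicit. The corrected `map` rule on line 121 also depends on an inbound pass rule for port 9022 on `$ext_v4`, which is not visible in this hunk. The "external" group continues past the end of the hunk.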
@@ -62,4 +59,3 @@
        pass final on lo0 all
        block all
 }
-


