[src/trunk]: src/usr.sbin/npf/npfctl - npf.conf(5): fix of the example config.

[rmind <rmind%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/18d884bd8951
branches:  trunk
changeset: 783123:18d884bd8951
user:      rmind <rmind%NetBSD.org@localhost>
date:      Thu Dec 06 22:36:51 2012 +0000

description:
- npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5 |  7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diffs (32 lines):

diff -r 79f637ad21e0 -r 18d884bd8951 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Thu Dec 06 13:28:17 2012 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Thu Dec 06 22:36:51 2012 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: npf.conf.5,v 1.24 2012/11/26 20:34:28 rmind Exp $
+.\"    $NetBSD: npf.conf.5,v 1.25 2012/12/06 22:36:51 rmind Exp $
 .\"
 .\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 26, 2012
+.Dd December 6, 2012
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -284,11 +284,12 @@
 map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
 
 procedure "log" {
+       # Note: npf_ext_log kernel module should be loaded, if not built-in.
        log: npflog0
 }
 
 group (name "external", interface $ext_if) {
-       pass stateful out final from $ext_if
+       pass stateful out final all
 
        block in final from \*[Lt]1\*[Gt]
        pass stateful in final family inet proto tcp to $ext_if port ssh apply "log"