Re: Removing PF

To: "Aaron B." <aaron%zadzmo.org@localhost>
Subject: Re: Removing PF
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 2 Apr 2019 08:53:02 +0200

On Mon, Apr 01, 2019 at 07:55:15PM -0400, Aaron B. wrote:
> On Sat, 30 Mar 2019 02:30:06 +0100
> Jan Danielsson <jan.m.danielsson%gmail.com@localhost> wrote:
> 
> > On 2019-03-30 01:19, Matt Sporleder wrote:
> > > What features, exactly, are missing?
> > 
> >    Runtime NAT reconfiguration.  miniupnpd wants to be able to
> > add/remove filter rules (npf can do this) as well as add/remove NAT
> > entries (npf couldn't do this last time I checked).
> 
> This, exactly, is the showstopper that has prevented me from moving to
> npf. The ability to add/remove IP addresses from a NAT translation
> without changing npf.conf doesn't seem to be possible in any
> documentation I was able to find.

It is documented at least, from the EXAMPLE section of npfctl(8):

     Addition and removal of entries in the table whose ID is "vip":

           # npfctl table "vip" add 10.0.0.1
           # npfctl table "vip" rem 182.168.0.0/24

There also is "npfctl rule add" and "npfctl rule rem". Also blacklistd(8)
obviously does it.

Martin

Follow-Ups:
- Re: Removing PF
  - From: Jan Danielsson

References:
- Re: Removing PF
  - From: Brian Buhrow
- Re: Removing PF
  - From: Matt Sporleder
- Re: Removing PF
  - From: Jan Danielsson
- Re: Removing PF
  - From: Aaron B.

Prev by Date: Re: Removing PF
Next by Date: Re: Proposal: new audio framework
Previous by Thread: Re: Removing PF
Next by Thread: Re: Removing PF
Indexes:

Home | Main Index | Thread Index | Old Index