tech-kern archive


Re: Removing PF



On 2019-04-02 08:53, Martin Husemann wrote:
>> This, exactly, is the showstopper that has prevented me from moving to
>> npf. The ability to add/remove IP addresses from a NAT translation
>> without changing npf.conf doesn't seem to be possible in any
>> documentation I was able to find.
>
> It is documented at least, from the EXAMPLE section of npfctl(8):
> 
>      Addition and removal of entries in the table whose ID is "vip":
> 
>            # npfctl table "vip" add 10.0.0.1
>            # npfctl table "vip" rem 182.168.0.0/24
> 
> There also is "npfctl rule add" and "npfctl rule rem". Also blacklistd(8)
> obviously does it.

   These are the filter rules, not the NAT rules.

   The UPnP device essentially says two things:
   1) Hey, I would like external hosts to be able to access me on port
X.  (filter rule, this works as you pointed out).
   2) Hey, I'm at a.b.c.d, and I would like external port X to redirect
to me at port Y.  (NAT rule, this isn't supported yet).

-- 
Kind Regards,
Jan Danielsson

