Re: NPF documentation

["Waitman Gobble" <uzimac%da3m0n8t3r.com@localhost>]

Mindaugas Rasiukevicius <rmind%NetBSD.org@localhost> wrote ..
> Loganaden Velvindron <loganaden%gmail.com@localhost> wrote:
> > I've looked over NPF and sent some a bug report a while ago.
> > 
> > The last time I tried to load a ruleset, it rebooted my netbsd-current
> > box.
> > 
> > I was hoping to see a less volatile -current so that interested users
> > can experiment with NPF.
> 
> That was fixed many months ago.  A lot has changed since.
> 
> -- 
> Mindaugas

Hi,

NPF looks really great and I'd love to try it as a replacement to ipfilter. 
Thanks for your hard work.

I'm trying the example configuration in the documentation, however I only have 
one if device on this machine. (the example is for gateway i think) When I 
issued /etc/rc.d/npf start I was locked out of the machine from the network. It 
seems like the documentation says it will allow pass all without first 
'reload', but instead it seems to block traffic(?). 

When I tried '/etc/rc.d/npf reload' the machine instantly rebooted, and then 
went into an infinite reboot, whenever it got to load npf it rebooted 
instantly, again and again. 

I'm running
> uname -a
NetBSD dx.burplex.com 6.1_RC1 NetBSD 6.1_RC1 (KAINDA) #0: Sat Mar  9 08:53:06 
PST 2013  
da3m0n8t3r%dx.burplex.com@localhost:/usr/obj/sys/arch/amd64/compile/KAINDA amd64

I have not yet checked my kernel config for npf settings but maybe that's a 
place to start! /dev/npf exists on my machine.

Thank you,

-- 
Waitman Gobble
San Jose California USA