tech-net archive


Re: npf and ephemeral interfaces (tun0)



On 18/02/2016 6:35 AM, Christos Zoulas wrote:
> In article <CAGN_6pZoxP0EmG7PME9=pQAMrkHbDkmdfoB9VQZpCR-wNLmdww%mail.gmail.com@localhost>,
> David Brownlee  <abs%absd.org@localhost> wrote:
>> I have a server which needs to run an npf map rule on its OpenVPN
>> interface (tun0).
>>
>> I can create the rule fine, but when the system restarts npf rejects
>> the ruleset because there is no tun0 interface. Am I missing something?
>> Is there a way around this?
>>
>> I have a couple of other systems still using pf to avoid this kind of issue :/
>>
>> Relevant rule lines:
>>
>> $vpn_if = inet4(tun0)
>> map $vpn_if dynamic $foohost      port 22 <- $foohost port 24
> Although you can refer to non-existing interfaces and they will work in spite
> of the warnings, I have:
>
> 	pass final on ppp0 all
> 	pass final on ppp1 all
> 	pass final on ppp2 all
>
> inside my rules without having any ppp interfaces at filter load
> time, unfortunately referring to addresses on a non-existing interface
> does not work. Having the ability to insert and remove map statements
> like this dynamically is a missing feature that also makes UPNP
> difficult to implement.

Are there any active UPNP projects for NetBSD?
Or just porting miniupnpd?

At some point in the past what you're describing (dynamic NAT rules
managed by miniupnpd) worked with ipf but that was a long time ago now.
Relatively speaking.

Cheers,
Darren



