Re: NPF Port Range Mapping and Network Segregation

To: Pete Long <pete%valar.uk.net@localhost>, tech-net%netbsd.org@localhost
Subject: Re: NPF Port Range Mapping and Network Segregation
From: Hector <hector%netdog.org@localhost>
Date: Tue, 21 Jan 2025 10:09:54 -0600

On 1/21/25 05:57, Pete Long wrote:

Finally how can I segregate two different networks using NPF? Here's what I have right now and there are no VLANs involved.

group "internal" on $int_if {

block stateful in from $wifinet
pass in all
pass out all

}

Probably your 'block stateful in from $wifinet' is overridden by thesubsequent 'pass in all'


NPF.CONF(5) says:

If a packet matches a rule which has the final option set, this rule is
     considered the last matching rule, and evaluation of subsequent rules is
     skipped.  Otherwise, the last matching rule is used.

Follow-Ups:
- Re: NPF Port Range Mapping and Network Segregation
  - From: Pete Long

References:
- NPF Port Range Mapping and Network Segregation
  - From: Pete Long

Prev by Date: NPF Port Range Mapping and Network Segregation
Next by Date: Re: ipv6 gateway on different subnet
Previous by Thread: NPF Port Range Mapping and Network Segregation
Next by Thread: Re: NPF Port Range Mapping and Network Segregation
Indexes:

Home | Main Index | Thread Index | Old Index