Re: Layer-2 filtering in NPF

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: Layer-2 filtering in NPF
From: Emmanuel Nyarko <emmankoko519%gmail.com@localhost>
Date: Sat, 5 Jul 2025 03:13:51 +0000


> On 5 Jul 2025, at 3:05 AM, Emmanuel Nyarko <emmankoko519%gmail.com@localhost> wrote:
> 
> 
> 
>> On 5 Jul 2025, at 1:01 AM, Greg Troxel <gdt%lexort.com@localhost> wrote:
>> 
>> Apparently I'm having a different upgrade problem.
>> 
>> I had a rule in npf.conf that was accepted by my previous -current
>> (early May?), and now it isn't.  That led to the default rules in
>> npf_conf operating, and those did not allow dhcpcd to succeed.
>> 
>> The rule that is now objected to looks like
>> 
>>   pass in proto udp to any port 11000-11002
>> 
>> (but not those numbers).  Reading the man page, port-opts is
>> 
>>   port-opts       = "port" ( port-num | port-from "-" port-to | var-name )
>> 
>> which indeed my line did not match, so I changed to
>> 
>>   pass in proto udp to any port 11000 - 11002
>> 
>> but I didn't see this in the announced changes.
> 
> Okay i have seen the issue.
> 
> i included a rule for colon separated Mac addresses in lex, so the parser is choosing that ahead of the port range and striking a syntax error.

i mean "hyphen"
> 
> i might as well remove that.
> 
> 
> Emmanuel
> 
> 
> 
> 
> 

Emmanuel

References:
- Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Re: Layer-2 filtering in NPF
  - From: Manuel Bouyer
- Re: Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Re: Layer-2 filtering in NPF
  - From: Greg Troxel
- Re: Layer-2 filtering in NPF
  - From: Greg Troxel
- Re: Layer-2 filtering in NPF
  - From: Emmanuel Nyarko

Prev by Date: Re: Layer-2 filtering in NPF
Next by Date: Re: Layer-2 filtering in NPF
Previous by Thread: Re: Layer-2 filtering in NPF
Next by Thread: Re: Layer-2 filtering in NPF
Indexes:

Home | Main Index | Thread Index | Old Index