Re: Layer-2 filtering in NPF: breaking config parsing

To: Emmanuel Nyarko <emmankoko519%gmail.com@localhost>
Subject: Re: Layer-2 filtering in NPF: breaking config parsing
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Tue, 08 Jul 2025 09:34:02 -0400

I have taken out all the stuff about the tun0 interface (that isn't
there) from the config.   I'm left with a pretty normal config

  alg icmp
  procedure log

  group default {
    pass stateful out final all 
    block all apply "log" 
    block in final from <blocklist> apply "log" 
    a bunch of individual pass rules

after starting, even outbound ping fails, and I see in messages:

  Jul  8 09:29:21 n11 dhcpcd[826]: ps_root_recvmsg: Network is unreachable

I then did

  telnet 1.2.3.4 30

where 1.2.3.4 is another host.  tcpdumping there showed no SYN arriving.

after

  /etc/rc.d/npf onestop

doing telnet again showed the packet arriving at the other host.

Follow-Ups:
- Re: Layer-2 filtering in NPF: breaking config parsing
  - From: Greg Troxel
- Re: Layer-2 filtering in NPF: breaking config parsing
  - From: Emmanuel Nyarko

References:
- Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Re: Layer-2 filtering in NPF
  - From: Markus Kilbinger
- Re: Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Re: Layer-2 filtering in NPF
  - From: Markus Kilbinger
- Re: Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Re: Layer-2 filtering in NPF
  - From: Greg Troxel
- Re: Layer-2 filtering in NPF
  - From: Emmanuel Nyarko
- Layer-2 filtering in NPF: breaking config parsing
  - From: Greg Troxel
- Re: Layer-2 filtering in NPF: breaking config parsing
  - From: Emmanuel Nyarko

Prev by Date: Re: Layer-2 filtering in NPF: breaking config parsing
Next by Date: Re: Layer-2 filtering in NPF: breaking config parsing
Previous by Thread: Re: Layer-2 filtering in NPF: breaking config parsing
Next by Thread: Re: Layer-2 filtering in NPF: breaking config parsing
Indexes:

Home | Main Index | Thread Index | Old Index