| History log of /src/share/examples/npf |
| Revision | Date | Author | Comments |
| 1.3 | 26-Jun-2013 |
christos | rename to follow suit.
|
| 1.2 | 26-Jun-2013 |
christos | add an L2TP Gateway example.
|
| 1.1 | 22-Aug-2012 |
spz | branches: 1.1.2; 1.1.4; 1.1.6; 1.1.8;
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.8.2 | 20-Nov-2012 |
matt | Add missing files.
|
| 1.1.8.1 | 22-Aug-2012 |
matt | file Makefile was added on branch matt-nb6-plus on 2012-11-20 23:13:35 +0000
|
| 1.1.6.3 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.1.6.2 | 30-Oct-2012 |
yamt | sync with head
|
| 1.1.6.1 | 22-Aug-2012 |
yamt | file Makefile was added on branch yamt-pagecache on 2012-10-30 18:59:34 +0000
|
| 1.1.4.2 | 01-Oct-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #584):
share/examples/npf/treetablefile: revision 1.1
share/examples/npf/Makefile: revision 1.1
distrib/sets/lists/base/mi: revision 1.1003
share/examples/npf/host-npf.conf: revision 1.2
share/examples/Makefile: revision 1.21
share/examples/npf/soho_gw-npf.conf: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.104
share/examples/npf/soho_gw-npf.conf: revision 1.2
share/examples/npf/hashtablefile: revision 1.1
the example from the man page, with a few extra comments
add id string, fix comments
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.4.1 | 22-Aug-2012 |
riz | file Makefile was added on branch netbsd-6 on 2012-10-01 20:15:34 +0000
|
| 1.1.2.1 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.1 | 22-Aug-2012 |
spz | branches: 1.1.4; 1.1.6; 1.1.8;
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.8.2 | 20-Nov-2012 |
matt | Add missing files.
|
| 1.1.8.1 | 22-Aug-2012 |
matt | file hashtablefile was added on branch matt-nb6-plus on 2012-11-20 23:13:36 +0000
|
| 1.1.6.2 | 30-Oct-2012 |
yamt | sync with head
|
| 1.1.6.1 | 22-Aug-2012 |
yamt | file hashtablefile was added on branch yamt-pagecache on 2012-10-30 18:59:34 +0000
|
| 1.1.4.2 | 01-Oct-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #584):
share/examples/npf/treetablefile: revision 1.1
share/examples/npf/Makefile: revision 1.1
distrib/sets/lists/base/mi: revision 1.1003
share/examples/npf/host-npf.conf: revision 1.2
share/examples/Makefile: revision 1.21
share/examples/npf/soho_gw-npf.conf: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.104
share/examples/npf/soho_gw-npf.conf: revision 1.2
share/examples/npf/hashtablefile: revision 1.1
the example from the man page, with a few extra comments
add id string, fix comments
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.4.1 | 22-Aug-2012 |
riz | file hashtablefile was added on branch netbsd-6 on 2012-10-01 20:15:34 +0000
|
| 1.12 | 31-Jul-2023 |
tsutsui | Use proper variables for interface names in examples.
|
| 1.11 | 21-Sep-2019 |
sevan | branches: 1.11.8;
With bin/54124 fixed, the rule needs to be explicitly set to stateful.
|
| 1.10 | 16-Apr-2019 |
sevan | branches: 1.10.2;
Indent to improve readability.
Add a description for log event.
|
| 1.9 | 15-Apr-2019 |
sevan | Provide a simpler config for a host which permits any traffic from the host out,
and small subset of traffic in (DHCP (v4 and v6), All ICMPv6, ICMP echo
requests, traceroute, mDNS).
|
| 1.8 | 04-Aug-2014 |
szptvlfn | branches: 1.8.24;
use proper address, ok spz@.
|
| 1.7 | 31-May-2014 |
spz | example for port remapping added
|
| 1.6 | 08-Feb-2014 |
rmind | branches: 1.6.2;
Sync some NPF config examples with the reality.
|
| 1.5 | 20-Sep-2013 |
spz | track syntax change in npf.conf regarding group
|
| 1.4 | 09-Dec-2012 |
rmind | Fix syntax error in the example, fix one rule and G/C "rid" procedure.
|
| 1.3 | 04-Dec-2012 |
spz | adjust to current npf.conf syntax
|
| 1.2 | 22-Aug-2012 |
spz | branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8;
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1 | 20-Aug-2012 |
spz | add an example for a npf.conf
It probably could do with polishing of both rules and comments, but meh,
better than nothing
|
| 1.2.8.2 | 20-Nov-2012 |
matt | Add missing files.
|
| 1.2.8.1 | 22-Aug-2012 |
matt | file host-npf.conf was added on branch matt-nb6-plus on 2012-11-20 23:13:36 +0000
|
| 1.2.6.4 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.2.6.3 | 16-Jan-2013 |
yamt | sync with (a bit old) head
|
| 1.2.6.2 | 30-Oct-2012 |
yamt | sync with head
|
| 1.2.6.1 | 22-Aug-2012 |
yamt | file host-npf.conf was added on branch yamt-pagecache on 2012-10-30 18:59:34 +0000
|
| 1.2.4.4 | 15-Dec-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #744):
usr.sbin/npf/npfctl/npf.conf.5: revision 1.25
share/examples/npf/host-npf.conf: revision 1.4
share/examples/npf/soho_gw-npf.conf: revision 1.4
Fix syntax error in the example, fix one rule and G/C "rid" procedure.
- npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.
|
| 1.2.4.3 | 11-Dec-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #736):
usr.sbin/npf/npfctl/npf_parse.y: revision 1.17
sys/net/npf/npf_tableset.c: revision 1.16
usr.sbin/npf/npfctl/npfctl.h: revision 1.23
usr.sbin/npf/npfctl/npf_data.c: revision 1.19
usr.sbin/npf/npfctl/npf_build.c: revision 1.15
share/examples/npf/host-npf.conf: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.9
share/examples/npf/soho_gw-npf.conf: revision 1.3
usr.sbin/npf/npfctl/npf_var.h: revision 1.6
usr.sbin/npf/npfctl/npf.conf.5: revision 1.24
npfctl: extend syntax for extracting interface IP address(es) by the family.
adjust to current npf.conf syntax
npf_table_list: avoid triggering assert on diagnostic.
|
| 1.2.4.2 | 01-Oct-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #584):
share/examples/npf/treetablefile: revision 1.1
share/examples/npf/Makefile: revision 1.1
distrib/sets/lists/base/mi: revision 1.1003
share/examples/npf/host-npf.conf: revision 1.2
share/examples/Makefile: revision 1.21
share/examples/npf/soho_gw-npf.conf: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.104
share/examples/npf/soho_gw-npf.conf: revision 1.2
share/examples/npf/hashtablefile: revision 1.1
the example from the man page, with a few extra comments
add id string, fix comments
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.2.4.1 | 22-Aug-2012 |
riz | file host-npf.conf was added on branch netbsd-6 on 2012-10-01 20:15:34 +0000
|
| 1.2.2.2 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.2.2.1 | 25-Feb-2013 |
tls | resync with head
|
| 1.6.2.1 | 10-Aug-2014 |
tls | Rebase.
|
| 1.8.24.2 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.8.24.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.10.2.2 | 05-Nov-2023 |
martin | Pull up following revision(s) (requested by tsutsui in ticket #1762):
share/examples/npf/host-npf.conf: revision 1.12
share/examples/npf/soho_gw-npf.conf: revision 1.21
Use proper variables for interface names in examples.
|
| 1.10.2.1 | 19-Nov-2019 |
martin | Pull up following revision(s) (requested by sevan in ticket #445):
share/examples/npf/host-npf.conf: revision 1.11
With bin/54124 fixed, the rule needs to be explicitly set to stateful.
|
| 1.11.8.1 | 05-Nov-2023 |
martin | Pull up following revision(s) (requested by tsutsui in ticket #458):
share/examples/npf/host-npf.conf: revision 1.12
share/examples/npf/soho_gw-npf.conf: revision 1.21
Use proper variables for interface names in examples.
|
| 1.2 | 27-Jun-2013 |
christos | remove file that did not go before.
|
| 1.1 | 26-Jun-2013 |
christos | add an L2TP Gateway example.
|
| 1.6 | 06-Feb-2016 |
riastradh | Add $NetBSD$ tag.
|
| 1.5 | 31-May-2014 |
spz | branches: 1.5.4;
- match up comment and interface identifiers
- use RFC5737 documentation prefixes
- use a variable for the RFC1918 private address ranges
|
| 1.4 | 27-May-2014 |
christos | need esp
|
| 1.3 | 27-May-2014 |
christos | just allow l2tp not regular ipsec.
|
| 1.2 | 20-Sep-2013 |
spz | branches: 1.2.2; 1.2.4;
track syntax change in npf.conf regarding group
|
| 1.1 | 26-Jun-2013 |
christos | rename to follow suit.
|
| 1.2.4.2 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.2.4.1 | 20-Sep-2013 |
yamt | file l2tp_gw-npf.conf was added on branch yamt-pagecache on 2014-05-22 11:37:45 +0000
|
| 1.2.2.1 | 10-Aug-2014 |
tls | Rebase.
|
| 1.5.4.2 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.5.4.1 | 31-May-2014 |
tls | file l2tp_gw-npf.conf was added on branch tls-maxphys on 2014-08-20 00:02:30 +0000
|
| 1.21 | 31-Jul-2023 |
tsutsui | Use proper variables for interface names in examples.
|
| 1.20 | 18-Nov-2019 |
sevan | branches: 1.20.8;
Rename the block table to something else to make it easier to differentiate
between action and name. Use this table as the example for populating by npfctl.
Drop the int-block table, it's quite cumbersome to have a firewall which
needs the internal network lists added if reboot. Use the localnet variable to
indicated which network we should pass in traffic from instead.
|
| 1.19 | 22-Sep-2019 |
sevan | Add support for blacklistd
|
| 1.18 | 22-Sep-2019 |
sevan | Passive FTP works as a client without this and we're not hosting an FTP server (port are not listed in services_tcp)
|
| 1.17 | 21-Sep-2019 |
sevan | pastos
|
| 1.16 | 21-Sep-2019 |
sevan | improve description
|
| 1.15 | 21-Sep-2019 |
sevan | Add descriptions for all rules and make use of localnet variable in place of direct IP address
|
| 1.14 | 21-Sep-2019 |
sevan | default policy is to blockall
|
| 1.13 | 21-Sep-2019 |
sevan | Drop the final keyword to use the default policy of last matching rule wins
|
| 1.12 | 11-Apr-2019 |
sevan | branches: 1.12.2;
s/ifnets/ifaddrs
|
| 1.11 | 11-Apr-2019 |
sevan | Revert previous & just use the inets function to handle both address families.
Heads up by <leot>
|
| 1.10 | 10-Apr-2019 |
sevan | typo
|
| 1.9 | 10-Apr-2019 |
sevan | Use a separate variable for IPv6.
Found with npfctl validate.
|
| 1.8 | 10-Apr-2019 |
sevan | Switch out deprecated keywords.
Found with npfctl validate.
|
| 1.7 | 20-Aug-2018 |
rjs | Fix cvs id.
|
| 1.6 | 08-Feb-2014 |
rmind | branches: 1.6.24; 1.6.26;
Sync some NPF config examples with the reality.
|
| 1.5 | 20-Sep-2013 |
spz | track syntax change in npf.conf regarding group
|
| 1.4 | 09-Dec-2012 |
rmind | Fix syntax error in the example, fix one rule and G/C "rid" procedure.
|
| 1.3 | 04-Dec-2012 |
spz | adjust to current npf.conf syntax
|
| 1.2 | 21-Aug-2012 |
spz | branches: 1.2.2; 1.2.4; 1.2.6; 1.2.8;
add id string, fix comments
|
| 1.1 | 21-Aug-2012 |
spz | the example from the man page, with a few extra comments
|
| 1.2.8.2 | 20-Nov-2012 |
matt | Add missing files.
|
| 1.2.8.1 | 21-Aug-2012 |
matt | file soho_gw-npf.conf was added on branch matt-nb6-plus on 2012-11-20 23:13:36 +0000
|
| 1.2.6.4 | 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.2.6.3 | 16-Jan-2013 |
yamt | sync with (a bit old) head
|
| 1.2.6.2 | 30-Oct-2012 |
yamt | sync with head
|
| 1.2.6.1 | 21-Aug-2012 |
yamt | file soho_gw-npf.conf was added on branch yamt-pagecache on 2012-10-30 18:59:35 +0000
|
| 1.2.4.4 | 15-Dec-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #744):
usr.sbin/npf/npfctl/npf.conf.5: revision 1.25
share/examples/npf/host-npf.conf: revision 1.4
share/examples/npf/soho_gw-npf.conf: revision 1.4
Fix syntax error in the example, fix one rule and G/C "rid" procedure.
- npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.
|
| 1.2.4.3 | 11-Dec-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #736):
usr.sbin/npf/npfctl/npf_parse.y: revision 1.17
sys/net/npf/npf_tableset.c: revision 1.16
usr.sbin/npf/npfctl/npfctl.h: revision 1.23
usr.sbin/npf/npfctl/npf_data.c: revision 1.19
usr.sbin/npf/npfctl/npf_build.c: revision 1.15
share/examples/npf/host-npf.conf: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.9
share/examples/npf/soho_gw-npf.conf: revision 1.3
usr.sbin/npf/npfctl/npf_var.h: revision 1.6
usr.sbin/npf/npfctl/npf.conf.5: revision 1.24
npfctl: extend syntax for extracting interface IP address(es) by the family.
adjust to current npf.conf syntax
npf_table_list: avoid triggering assert on diagnostic.
|
| 1.2.4.2 | 01-Oct-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #584):
share/examples/npf/treetablefile: revision 1.1
share/examples/npf/Makefile: revision 1.1
distrib/sets/lists/base/mi: revision 1.1003
share/examples/npf/host-npf.conf: revision 1.2
share/examples/Makefile: revision 1.21
share/examples/npf/soho_gw-npf.conf: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.104
share/examples/npf/soho_gw-npf.conf: revision 1.2
share/examples/npf/hashtablefile: revision 1.1
the example from the man page, with a few extra comments
add id string, fix comments
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.2.4.1 | 21-Aug-2012 |
riz | file soho_gw-npf.conf was added on branch netbsd-6 on 2012-10-01 20:15:34 +0000
|
| 1.2.2.2 | 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.2.2.1 | 25-Feb-2013 |
tls | resync with head
|
| 1.6.26.2 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.6.26.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.6.24.1 | 06-Sep-2018 |
pgoyette | Sync with HEAD
Resolve a couple of conflicts (result of the uimin/uimax changes)
|
| 1.12.2.2 | 05-Nov-2023 |
martin | Pull up following revision(s) (requested by tsutsui in ticket #1762):
share/examples/npf/host-npf.conf: revision 1.12
share/examples/npf/soho_gw-npf.conf: revision 1.21
Use proper variables for interface names in examples.
|
| 1.12.2.1 | 19-Nov-2019 |
martin | Pull up following revision(s) (requested by sevan in ticket #444):
share/examples/npf/soho_gw-npf.conf: revision 1.13
share/examples/npf/soho_gw-npf.conf: revision 1.14
share/examples/npf/soho_gw-npf.conf: revision 1.15
share/examples/npf/soho_gw-npf.conf: revision 1.16
share/examples/npf/soho_gw-npf.conf: revision 1.17
share/examples/npf/soho_gw-npf.conf: revision 1.18
share/examples/npf/soho_gw-npf.conf: revision 1.19
share/examples/npf/soho_gw-npf.conf: revision 1.20
Drop the final keyword to use the default policy of last matching rule wins
default policy is to blockall
Add descriptions for all rules and make use of localnet variable in
place of direct IP address
improve description
pastos
Passive FTP works as a client without this and we're not hosting an FTP
server (port are not listed in services_tcp)
Add support for blacklistd
Rename the block table to something else to make it easier to differentiate
between action and name. Use this table as the example for populating by
npfctl.
Drop the int-block table, it's quite cumbersome to have a firewall which
needs the internal network lists added if reboot. Use the localnet
variable to indicated which network we should pass in traffic from instead.
|
| 1.20.8.1 | 05-Nov-2023 |
martin | Pull up following revision(s) (requested by tsutsui in ticket #458):
share/examples/npf/host-npf.conf: revision 1.12
share/examples/npf/soho_gw-npf.conf: revision 1.21
Use proper variables for interface names in examples.
|
| 1.1 | 22-Aug-2012 |
spz | branches: 1.1.4; 1.1.6; 1.1.8;
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.8.2 | 20-Nov-2012 |
matt | Add missing files.
|
| 1.1.8.1 | 22-Aug-2012 |
matt | file treetablefile was added on branch matt-nb6-plus on 2012-11-20 23:13:36 +0000
|
| 1.1.6.2 | 30-Oct-2012 |
yamt | sync with head
|
| 1.1.6.1 | 22-Aug-2012 |
yamt | file treetablefile was added on branch yamt-pagecache on 2012-10-30 18:59:35 +0000
|
| 1.1.4.2 | 01-Oct-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #584):
share/examples/npf/treetablefile: revision 1.1
share/examples/npf/Makefile: revision 1.1
distrib/sets/lists/base/mi: revision 1.1003
share/examples/npf/host-npf.conf: revision 1.2
share/examples/Makefile: revision 1.21
share/examples/npf/soho_gw-npf.conf: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.104
share/examples/npf/soho_gw-npf.conf: revision 1.2
share/examples/npf/hashtablefile: revision 1.1
the example from the man page, with a few extra comments
add id string, fix comments
actually install the new npf examples
add examples for a hash table file and a tree table file
add an ID string to host-npf.conf
|
| 1.1.4.1 | 22-Aug-2012 |
riz | file treetablefile was added on branch netbsd-6 on 2012-10-01 20:15:33 +0000
|
