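# $NetBSD: npf.boot.conf,v 1.1 2019/04/02 01:50:32 sevan Exp $
#
# /etc/defaults/npf.boot.conf --
#	initial configuration for npf(4)
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/npf.boot.conf INSTEAD.
#
# Reading the ruleset: npf applies the LAST matching rule unless a rule is
# marked "final".  The "block all" at the top of the group is therefore the
# fallback, and every "pass" rule below it is an exception to that default.
# Anything not listed here (for example inbound TCP) stays blocked.
#

# BPF JIT compilation of rules is switched off for this initial ruleset.
# NOTE(review): the reason is not stated in this file -- confirm before
# changing it in /etc/npf.boot.conf.
set bpf.jit off

group default {
	# Default deny.  Must stay first: with last-match semantics a
	# "block all" placed after the pass rules would override them.
	block all

	# Don't block loopback.
	pass on lo0 all

	# Allow outgoing DNS.  "stateful" lets the matching replies back in
	# without a separate inbound rule.  No "proto" is given, so the match
	# is on destination port "domain" (53) only, to any resolver address.
	pass stateful out to any port domain

	# Allow outgoing ping request, might be used by a DHCP client to validate
	# old (but valid) leases in case it needs to fall back to such a lease
	# (the DHCP server can be down or not responding).
	# Only outbound echo is opened; the state entry admits the reply.
	pass stateful out proto icmp icmp-type echo all

	# Allow IPv6 router/neighbor solicitation and advertisement.
	# These four rules are stateless and not bound to an interface, so a
	# router or neighbor advertisement arriving on any interface is
	# accepted.  On a multi-homed host, consider adding "on <interface>"
	# in /etc/npf.boot.conf so that only the trusted link is accepted.
	# NOTE(review): inbound neighsol and outbound neighadv are not listed
	# and fall through to "block all" -- confirm this is intended.
	pass out family inet6 proto ipv6-icmp icmp-type rtsol all
	pass in family inet6 proto ipv6-icmp icmp-type rtadv all
	pass out family inet6 proto ipv6-icmp icmp-type neighsol all
	pass in family inet6 proto ipv6-icmp icmp-type neighadv all

	# Enable CARP, to avoid spurious failovers.
	# No direction or interface is given, so CARP is passed both ways on
	# every interface; restrict it with "on <interface>" if CARP runs on
	# one segment only.
	pass proto carp all

}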