npf.conf(5): Add more info about ifaddrs().
parent 369fc07c4c
commit 0694a143e0
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: npf.conf.5,v 1.84 2019/01/19 21:19:32 rmind Exp $
|
||||
.\" $NetBSD: npf.conf.5,v 1.85 2019/04/07 22:23:40 rmind Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2009-2018 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
@ -27,7 +27,7 @@
|
||||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd January 14, 2019
|
||||
.Dd February 2, 2019
|
||||
.Dt NPF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
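Review bot: The .Dd line is set to February 2, 2019, while the RCS id in the first hunk dates this revision 2019/04/07. If the text added in this commit was written now, .Dd should carry the date of this change so readers can tell the page was revised; if February 2 is intentional, the commit message should say why.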
@ -148,12 +148,16 @@ The
|
||||
.Cm family
|
||||
keyword of a filtering rule can be used in combination to explicitly select
|
||||
an IP address type.
|
||||
This function can also be used with
|
||||
.Cm map
|
||||
to specify the translation address, see below.
|
||||
.El
|
||||
.Pp
|
||||
Example of configuration:
|
||||
.Bd -literal -offset indent
|
||||
$var1 = inet4(wm0)
|
||||
$var2 = ifaddrs(wm0)
|
||||
|
||||
group default {
|
||||
block in on wm0 all # rule 1
|
||||
block in on $var1 all # rule 2
|
||||
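Review bot: "see below" in the added sentence about map is a loose cross-reference, since the text it points to is a couple of hundred lines further down (the hunk at line 350). Use an .Sx reference to the section that documents map so the pointer survives later reordering. The sentence is also a comma splice; "to specify the translation address; see ..." reads better.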
@ -350,6 +354,11 @@ redirecting the public port 9022 to the port 22 of an internal host:
|
||||
.Pp
|
||||
.Dl map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022
|
||||
.Pp
|
||||
The translation address can also by dynamic, based on the interface.
|
||||
The following would select IPv4 address currently assigned to the interface:
|
||||
.Pp
|
||||
.Dl map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if)
|
||||
.Pp
|
||||
If the dynamic NAT is configured with multiple translation addresses,
|
||||
then a custom selection algorithm can be chosen using the
|
||||
.Cm algo
|
||||
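Review bot: Two wording errors in the added sentences: "can also by dynamic" should read "can also be dynamic", and "select IPv4 address" needs an article ("select the IPv4 address"). The second sentence also promises a single IPv4 address, but the rule under it passes ifaddrs($ext_if) with no family qualifier, and the example comment later in this patch says "interface address(es)". State which addresses ifaddrs() yields in a map rule, or how the choice is narrowed to IPv4.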
@ -587,10 +596,9 @@ $localnet = { 10.1.1.0/24 }
|
||||
|
||||
alg "icmp"
|
||||
|
||||
# Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
|
||||
# then the translation address has to be specified explicitly.
|
||||
map $ext_if dynamic 10.1.1.0/24 -> $ext_if
|
||||
map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022
|
||||
# These NAT rules will dynamically select the interface address(es).
|
||||
map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if)
|
||||
map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- ifaddrs($ext_if) port 9022
|
||||
|
||||
procedure "log" {
|
||||
# The logging facility can be used together with npfd(8).
|
||||
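Review bot: The rewritten comment above the two map rules drops the caveat about $ext_if having multiple addresses ("e.g. IPv6 as well") without saying how ifaddrs($ext_if) behaves in that case. A NAT rule on a multi-address interface is where an operator can end up translating to an address they did not intend, so the comment should say what is selected when several addresses are present, or point to the algo keyword mentioned in the hunk at line 350. Separately, the port-forward rule here now reads "<- ifaddrs($ext_if) port 9022" while the .Dl example in that earlier hunk still reads "<- $ext_if port 9022"; make the two agree.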
@ -635,7 +643,7 @@ group default {
|
||||
.Xr npfctl 8 ,
|
||||
.Xr npfd 8
|
||||
.Pp
|
||||
.Lk http://www.netbsd.org/~rmind/npf/ "NPF documentation website"
|
||||
.Lk http://rmind.github.io/npf/ "NPF documentation website"
|
||||
.Sh HISTORY
|
||||
NPF first appeared in
|
||||
.Nx 6.0 .
|
||||
|
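Review bot: The replacement .Lk target is still a plain http:// URL. Use https://rmind.github.io/npf/ so the documentation link in a firewall man page is not fetched over cleartext.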