Clarify the "Groups" section.
This commit is contained in:
maxv
parent
918cd75c72
commit
20048da297
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: npf.conf.5,v 1.66 2018/08/27 13:20:47 wiz Exp $
|
||||
.\" $NetBSD: npf.conf.5,v 1.67 2018/08/31 10:52:30 maxv Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2009-2017 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd August 27, 2018
|
||||
.Dd August 31, 2018
|
||||
.Dt NPF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -132,17 +132,25 @@ The
|
|||
.Cd family
|
||||
keyword can be used in combination of a filtering rule to be explicit.
|
||||
.Ss Groups
|
||||
NPF requires that all rules be defined within groups.
|
||||
Groups can be thought of as higher level rules which can contain subrules.
|
||||
Groups may have the following options: name, interface, and direction.
|
||||
They are defined in the following form:
|
||||
Packets matching group criteria are passed to the ruleset of that group.
|
||||
If a packet does not match any group, it is passed to the
|
||||
.Cd default group .
|
||||
The
|
||||
.Cd default group
|
||||
must always be defined.
|
||||
.Pp
|
||||
Example of configuration:
|
||||
.Bd -literal
|
||||
group "my-name" in on wm0 {
|
||||
# List of rules
|
||||
# List of rules, for packets received on wm0
|
||||
}
|
||||
group default {
|
||||
# List of rules, for the other packets
|
||||
}
|
||||
.Ed
|
||||
A minimal
|
||||
.Nm
|
||||
must contain a mandatory
|
||||
.Cd default group .
|
||||
.Ss Rules
|
||||
With a rule statement NPF is instructed to
|
||||
.Cd pass
|
||||
|
|
|
|||
Loading…
Reference in New Issue