- npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.
This commit is contained in:
rmind
parent
7456c67df0
commit
7d7f70e66e
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $NetBSD: npf.conf.5,v 1.24 2012/11/26 20:34:28 rmind Exp $
|
.\" $NetBSD: npf.conf.5,v 1.25 2012/12/06 22:36:51 rmind Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
|
.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
|
||||||
.\" All rights reserved.
|
.\" All rights reserved.
|
||||||
|
|
@ -27,7 +27,7 @@
|
||||||
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd November 26, 2012
|
.Dd December 6, 2012
|
||||||
.Dt NPF.CONF 5
|
.Dt NPF.CONF 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
|
@ -284,11 +284,12 @@ map $ext_if dynamic 10.1.1.0/24 -> $ext_if
|
||||||
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
|
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
|
||||||
|
|
||||||
procedure "log" {
|
procedure "log" {
|
||||||
|
# Note: npf_ext_log kernel module should be loaded, if not built-in.
|
||||||
log: npflog0
|
log: npflog0
|
||||||
}
|
}
|
||||||
|
|
||||||
group (name "external", interface $ext_if) {
|
group (name "external", interface $ext_if) {
|
||||||
pass stateful out final from $ext_if
|
pass stateful out final all
|
||||||
|
|
||||||
block in final from \*[Lt]1\*[Gt]
|
block in final from \*[Lt]1\*[Gt]
|
||||||
pass stateful in final family inet proto tcp to $ext_if port ssh apply "log"
|
pass stateful in final family inet proto tcp to $ext_if port ssh apply "log"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue