- npf.conf(5): fix of the example config.

- Mention npf_ext_log in a comment.
This commit is contained in:
rmind 2012-12-06 22:36:51 +00:00
parent 7456c67df0
commit 7d7f70e66e
1 changed files with 4 additions and 3 deletions

View File

@ -1,4 +1,4 @@
.\" $NetBSD: npf.conf.5,v 1.24 2012/11/26 20:34:28 rmind Exp $ .\" $NetBSD: npf.conf.5,v 1.25 2012/12/06 22:36:51 rmind Exp $
.\" .\"
.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc. .\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
.\" All rights reserved. .\" All rights reserved.
@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE. .\" POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd November 26, 2012 .Dd December 6, 2012
.Dt NPF.CONF 5 .Dt NPF.CONF 5
.Os .Os
.Sh NAME .Sh NAME
@ -284,11 +284,12 @@ map $ext_if dynamic 10.1.1.0/24 -> $ext_if
map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022 map $ext_if dynamic 10.1.1.2 port 22 <- $ext_if 9022
procedure "log" { procedure "log" {
# Note: npf_ext_log kernel module should be loaded, if not built-in.
log: npflog0 log: npflog0
} }
group (name "external", interface $ext_if) { group (name "external", interface $ext_if) {
pass stateful out final from $ext_if pass stateful out final all
block in final from \*[Lt]1\*[Gt] block in final from \*[Lt]1\*[Gt]
pass stateful in final family inet proto tcp to $ext_if port ssh apply "log" pass stateful in final family inet proto tcp to $ext_if port ssh apply "log"