19 lines
1002 B
Plaintext
19 lines
1002 B
Plaintext
-- how to convert other packet filters to npf
|
|
-- have a way to use npflog to log packets to syslog
|
|
-- have a way to match dropped packets to rules
|
|
-- have a way to list the active nat sessions
|
|
-- npfctl start does not load the configuration if not loaded.
|
|
It is not clear you need to reload first. Or if it loads it should
|
|
print the error messages. Or it should be called enable/disable since
|
|
this is what it does. It does not "start" because like an engine with
|
|
no fuel, an npf with no configuration does not do much.
|
|
-- npf starts up too late (after traffic can go through)
|
|
-- although the framework checks the file for consistency, returning EINVAL
|
|
for system failures is probably not good enough. For example if a module
|
|
failed to autoload, it is probably an error and it should be reported
|
|
differently?
|
|
-- startup/stop script does not load and save session state
|
|
-- add algo for "with short"
|
|
-- implement "port-unr"
|
|
-- implement block return-icmp in log final all with ipopts
|