I still cant get NPF to start from rc.conf ...
When I start from command-line I get this:
/etc/rc.d/npf onestart
/etc/rc.d/npf onestart
ifconfig: clone_command: File exists
ifconfig: exec_matches: File exists
ifconfig: clone_command: File exists
ifconfig: exec_matches: File exists
Enabling NPF /etc/npf.conf
I want simple connect internet via CAT5.
Here is my npf.conf:
alg "icmp"
$cat5 = "wm0"
procedure "log"{
# Send log events to npflog0, see npfd(8)
log: npflog0
}
group default{
# Default deny, otherwise last matching rule wins
block all apply "log"
# Don't block loopback
pass on lo0 all
# Allow incoming DHCP server responses
pass in family inet4 proto udp from any port bootps to any port bootpc
pass in family inet6 proto udp from any to any port "dhcpv6-client"
# Allow IPv6 ICMP
pass family inet6 proto ipv6-icmp all
# Allow incoming IPv4 pings
pass in family inet4 proto icmp icmp-type echo all
# Allow being tracerouted
pass in proto udp to any port 33434-33600
# Allow incoming mDNS traffic from neighbours
pass in proto udp to any port mdns
# Allow all outbound traffic
pass stateful out all
}
