With all the discussion going on (re removal of pf), I revisited my attempts to implement blacklistd. But I'm still having some issues getting npf configured.
I have two external-facing interfaces, both of which should be handled identically by blacklistd. I tried using the npf examples, with an interface group containing both wm0 and tun0, but npf won't deal with it - it complains about having multiple members in the $ext_if group. (See PR kern/51818.) So, I tried creating two groups, one for each interface, but both having the same blacklistd ruleset. Now npf complains "some table has a duplicate entry" and still doesn't start.

So, any suggestions on how to make this work?

(FWIW, I have no real opinion on the greater question(s) regarding the possible demise of pf and/or ipf.)

+--------------------+--------------------------+-----------------------+
| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 | p...@whooppee.com     |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoye...@netbsd.org   |
+--------------------+--------------------------+-----------------------+