Module Name: src
Committed By: sevan
Date: Sat Sep 21 20:31:31 UTC 2019
Modified Files:
src/share/examples/npf: soho_gw-npf.conf
Log Message:
Drop the final keyword to use the default policy of last matching rule wins
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/share/examples/npf/soho_gw-npf.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/examples/npf/soho_gw-npf.conf
diff -u src/share/examples/npf/soho_gw-npf.conf:1.12 src/share/examples/npf/soho_gw-npf.conf:1.13
--- src/share/examples/npf/soho_gw-npf.conf:1.12 Thu Apr 11 10:17:21 2019
+++ src/share/examples/npf/soho_gw-npf.conf Sat Sep 21 20:31:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.12 2019/04/11 10:17:21 sevan Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.13 2019/09/21 20:31:31 sevan Exp $
#
# SOHO border
#
@@ -35,27 +35,27 @@ procedure "log" {
}
group "external" on $ext_if {
- pass stateful out final all
+ pass stateful out all
- block in final from <block>
- pass stateful in final family inet4 proto tcp to $ext_v4 port ssh \
+ block in from <block>
+ pass stateful in family inet4 proto tcp to $ext_v4 port ssh \
apply "log"
- pass stateful in final proto tcp to $ext_addrs port $services_tcp
- pass stateful in final proto udp to $ext_addrs port $services_udp
+ pass stateful in proto tcp to $ext_addrs port $services_tcp
+ pass stateful in proto udp to $ext_addrs port $services_udp
# Passive FTP
- pass stateful in final proto tcp to $ext_addrs port 49151-65535
+ pass stateful in proto tcp to $ext_addrs port 49151-65535
# Traceroute
- pass stateful in final proto udp to $ext_addrs port 33434-33600
+ pass stateful in proto udp to $ext_addrs port 33434-33600
}
group "internal" on $int_if {
block in all
- pass in final from <int-block>
- pass out final all
+ pass in from <int-block>
+ pass out all
}
group default {
- pass final on lo0 all
+ pass on lo0 all
block all
}
