Module Name: src
Committed By: maxv
Date: Wed Sep 19 15:36:12 UTC 2018
Modified Files:
src/usr.sbin/npf/npfctl: npf.conf.5
Log Message:
Switch back to tabs, it was nicer this way.
To generate a diff of this commit:
cvs rdiff -u -r1.75 -r1.76 src/usr.sbin/npf/npfctl/npf.conf.5
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.75 src/usr.sbin/npf/npfctl/npf.conf.5:1.76
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.75 Tue Sep 4 15:36:01 2018
+++ src/usr.sbin/npf/npfctl/npf.conf.5 Wed Sep 19 15:36:12 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: npf.conf.5,v 1.75 2018/09/04 15:36:01 maxv Exp $
+.\" $NetBSD: npf.conf.5,v 1.76 2018/09/19 15:36:12 maxv Exp $
.\"
.\" Copyright (c) 2009-2017 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd September 4, 2018
+.Dd September 19, 2018
.Dt NPF.CONF 5
.Os
.Sh NAME
@@ -529,33 +529,33 @@ map $ext_if dynamic 10.1.1.0/24 -> $ext_
map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022
procedure "log" {
- # The logging facility can be used together with npfd(8).
- log: npflog0
+ # The logging facility can be used together with npfd(8).
+ log: npflog0
}
group "external" on $ext_if {
- pass stateful out final all
+ pass stateful out final all
- block in final from <blacklist>
- pass stateful in final family inet4 proto tcp to $ext_if port ssh apply "log"
- pass stateful in final proto tcp to $ext_if port $services_tcp
- pass stateful in final proto udp to $ext_if port $services_udp
- pass stateful in final proto tcp to $ext_if port 49151-65535 # passive FTP
- pass stateful in final proto udp to $ext_if port 33434-33600 # traceroute
+ block in final from <blacklist>
+ pass stateful in final family inet4 proto tcp to $ext_if port ssh apply "log"
+ pass stateful in final proto tcp to $ext_if port $services_tcp
+ pass stateful in final proto udp to $ext_if port $services_udp
+ pass stateful in final proto tcp to $ext_if port 49151-65535 # passive FTP
+ pass stateful in final proto udp to $ext_if port 33434-33600 # traceroute
}
group "internal" on $int_if {
- block in all
- block in final from <limited>
+ block in all
+ block in final from <limited>
- # Ingress filtering as per BCP 38 / RFC 2827.
- pass in final from $localnet
- pass out final all
+ # Ingress filtering as per BCP 38 / RFC 2827.
+ pass in final from $localnet
+ pass out final all
}
group default {
- pass final on lo0 all
- block all
+ pass final on lo0 all
+ block all
}
.Ed
.\" -----
