Module Name:	src
Committed By:	rmind
Date:		Sun Apr 7 22:23:40 UTC 2019

Modified Files:
	src/usr.sbin/npf/npfctl: npf.conf.5

Log Message:
npf.conf(5): Add more info about ifaddrs().

To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.85 src/usr.sbin/npf/npfctl/npf.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/usr.sbin/npf/npfctl/npf.conf.5 diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.84 src/usr.sbin/npf/npfctl/npf.conf.5:1.85 --- src/usr.sbin/npf/npfctl/npf.conf.5:1.84 Sat Jan 19 21:19:32 2019 +++ src/usr.sbin/npf/npfctl/npf.conf.5 Sun Apr 7 22:23:40 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: npf.conf.5,v 1.84 2019/01/19 21:19:32 rmind Exp $ +.\" $NetBSD: npf.conf.5,v 1.85 2019/04/07 22:23:40 rmind Exp $ .\" .\" Copyright (c) 2009-2018 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd January 14, 2019 +.Dd February 2, 2019 .Dt NPF.CONF 5 .Os .Sh NAME @@ -148,12 +148,16 @@ The .Cm family keyword of a filtering rule can be used in combination to explicitly select an IP address type. +This function can also be used with +.Cm map +to specify the translation address, see below. .El .Pp Example of configuration: .Bd -literal -offset indent $var1 = inet4(wm0) $var2 = ifaddrs(wm0) + group default { block in on wm0 all # rule 1 block in on $var1 all # rule 2 @@ -350,6 +354,11 @@ redirecting the public port 9022 to the .Pp .Dl map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022 .Pp +The translation address can also by dynamic, based on the interface. +The following would select IPv4 address currently assigned to the interface: +.Pp +.Dl map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if) +.Pp If the dynamic NAT is configured with multiple translation addresses, then a custom selection algorithm can be chosen using the .Cm algo 
@@ -587,10 +596,9 @@ $localnet = { 10.1.1.0/24 } alg "icmp" -# Note: if $ext_if has multiple IP address (e.g. IPv6 as well), -# then the translation address has to be specified explicitly. -map $ext_if dynamic 10.1.1.0/24 -> $ext_if -map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- $ext_if port 9022 +# These NAT rules will dynamically select the interface address(es). +map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if) +map $ext_if dynamic proto tcp 10.1.1.2 port 22 <- ifaddrs($ext_if) port 9022 procedure "log" { # The logging facility can be used together with npfd(8). @@ -635,7 +643,7 @@ group default { .Xr npfctl 8 , .Xr npfd 8 .Pp -.Lk http://www.netbsd.org/~rmind/npf/ "NPF documentation website" +.Lk http://rmind.github.io/npf/ "NPF documentation website" .Sh HISTORY NPF first appeared in .Nx 6.0 .
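Review bot: The `.Dd` line in the @@ -27,7 +27,7 @@ hunk is set to February 2, 2019, while the new file header in this same diff is dated Sun Apr 7 22:23:40 2019. If `.Dd` is meant to record the last content change, it should read `.Dd April 7, 2019` so readers can tell that the ifaddrs() text belongs to this revision.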
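Review bot: Two wording slips in the paragraph added by the @@ -350,6 +354,11 @@ hunk: "can also by dynamic" should be "can also be dynamic", and "would select IPv4 address" needs an article. The sentence also promises an IPv4 address, but the rule `map $ext_if dynamic 10.1.1.0/24 -> ifaddrs($ext_if)` carries no family restriction, and the ifaddrs() text in the @@ -148,12 +148,16 @@ hunk says the family keyword is what explicitly selects an address type. Please state how the IPv4 address is chosen when the interface also has IPv6 addresses, since a NAT rule that resolves to an unexpected translation address is hard to spot from the configuration alone.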
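Review bot: The example in the @@ -587,10 +596,9 @@ hunk removes the comment warning that an interface with multiple addresses (e.g. IPv6 as well) needs the translation address specified explicitly, and the replacement comment only says "address(es)". The reader is no longer told what `<- ifaddrs($ext_if) port 9022` means when the interface has more than one address. Suggest keeping one comment line that either points to the algo keyword described in the NAT section for the outbound rule or says which addresses the inbound redirect on port 9022 will match.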
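Review bot: The replacement `.Lk` target in the @@ -635,7 +643,7 @@ hunk is still a plain http URL. Suggest `.Lk https://rmind.github.io/npf/ "NPF documentation website"` so the documentation link from a firewall manual page is not followed over an unauthenticated connection. The log message mentions only ifaddrs(), so the URL move deserves a word there as well.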