Module Name: src
Committed By: sevan
Date: Wed Apr 10 23:13:02 UTC 2019
Modified Files:
src/share/examples/npf: soho_gw-npf.conf
Log Message:
Use a separate variable for IPv6.
Found with npfctl validate.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/share/examples/npf/soho_gw-npf.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/examples/npf/soho_gw-npf.conf
diff -u src/share/examples/npf/soho_gw-npf.conf:1.8 src/share/examples/npf/soho_gw-npf.conf:1.9
--- src/share/examples/npf/soho_gw-npf.conf:1.8 Wed Apr 10 23:00:43 2019
+++ src/share/examples/npf/soho_gw-npf.conf Wed Apr 10 23:13:02 2019
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.8 2019/04/10 23:00:43 sevan Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.9 2019/04/10 23:13:02 sevan Exp $
#
# SOHO border
#
@@ -8,7 +8,8 @@
$ext_if = "wm0"
$ext_v4 = inet4(wm0)
-$ext_addrs = { inet4(wm0), inet6(wm0) }
+$ext_addrs = inet4(wm0)
+$ext_addrs6 = inet6(wm0)
$int_if = "wm1"
@@ -42,11 +43,15 @@ group "external" on $ext_if {
apply "log"
pass stateful in final proto tcp to $ext_addrs port $services_tcp
pass stateful in final proto udp to $ext_addrs port $services_udp
+ pass stateful in final family inet6 proto tcp to $ext_addrs6 port $services_tcp
+ pass stateful in final family inet6 proto udp to $ext_addrs6 port $services_udp
# Passive FTP
pass stateful in final proto tcp to $ext_addrs port 49151-65535
+ pass stateful in final family inet6 proto tcp to $ext_addrs port 49151-65535
# Traceroute
pass stateful in final proto udp to $ext_addrs port 33434-33600
+ pass stateful in final family inet6 proto udp to $ext_addrs port 33434-33600
}
group "internal" on $int_if {
