CVS commit: src/share/examples/npf

Fri, 20 Sep 2013 10:51:38 -0700 

Module Name:    src
Committed By:   spz
Date:           Fri Sep 20 17:51:04 UTC 2013

Modified Files:
        src/share/examples/npf: host-npf.conf l2tp_gw-npf.conf soho_gw-npf.conf

Log Message:
track syntax change in npf.conf regarding group


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/share/examples/npf/host-npf.conf \
    src/share/examples/npf/soho_gw-npf.conf
cvs rdiff -u -r1.1 -r1.2 src/share/examples/npf/l2tp_gw-npf.conf

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/share/examples/npf/host-npf.conf
diff -u src/share/examples/npf/host-npf.conf:1.4 src/share/examples/npf/host-npf.conf:1.5
--- src/share/examples/npf/host-npf.conf:1.4	Sun Dec  9 22:12:26 2012
+++ src/share/examples/npf/host-npf.conf	Fri Sep 20 17:51:04 2013
@@ -1,4 +1,4 @@
-# $NetBSD: host-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
+# $NetBSD: host-npf.conf,v 1.5 2013/09/20 17:51:04 spz Exp $
 #
 # this is an example of NPF rules for a host (i.e., not routing) with
 # two network interfaces, wired and wifi
@@ -31,7 +31,7 @@ procedure "log" {
      log: npflog0
 }
 
-group (name "wired", interface $wired_if) {
+group "wired" on $wired_if {
 
 	# not being picky about our own address here
 	pass in  final family inet6 proto ipv6-icmp all
@@ -74,7 +74,7 @@ group (name "wired", interface $wired_if
 
 }
 
-group (name "wifi", interface $wifi_if) {
+group "wifi" on $wifi_if {
 	# linklocal
 	pass in  final family inet6 proto ipv6-icmp  to fe80::/10
 	pass out final family inet6 proto ipv6-icmp from fe80::/10
@@ -116,7 +116,7 @@ group (name "wifi", interface $wifi_if) 
         pass stateful out final family inet  from $wifi_v4
 }
 
-group (default) {
+group default {
 	pass final on lo0 all
 	block all apply "log"
 }
Index: src/share/examples/npf/soho_gw-npf.conf
diff -u src/share/examples/npf/soho_gw-npf.conf:1.4 src/share/examples/npf/soho_gw-npf.conf:1.5
--- src/share/examples/npf/soho_gw-npf.conf:1.4	Sun Dec  9 22:12:26 2012
+++ src/share/examples/npf/soho_gw-npf.conf	Fri Sep 20 17:51:04 2013
@@ -1,4 +1,4 @@
-# $NetBSD: soho_gw-npf.conf,v 1.4 2012/12/09 22:12:26 rmind Exp $
+# $NetBSD: soho_gw-npf.conf,v 1.5 2013/09/20 17:51:04 spz Exp $
 #
 # SOHO border
 #
@@ -34,7 +34,7 @@ procedure "log" {
 	log: npflog0
 }
 
-group (name "external", interface $ext_if) {
+group "external" on $ext_if {
 	pass stateful out final all
 
 	block in final from <1>
@@ -49,13 +49,13 @@ group (name "external", interface $ext_i
 	pass stateful in final proto udp to $ext_addrs port 33434-33600
 }
 
-group (name "internal", interface $int_if) {
+group "internal" on $int_if {
 	block in all
 	pass in final from <2>
 	pass out final all
 }
 
-group (default) {
+group default {
 	pass final on lo0 all
 	block all
 }

Index: src/share/examples/npf/l2tp_gw-npf.conf
diff -u src/share/examples/npf/l2tp_gw-npf.conf:1.1 src/share/examples/npf/l2tp_gw-npf.conf:1.2
--- src/share/examples/npf/l2tp_gw-npf.conf:1.1	Wed Jun 26 21:36:39 2013
+++ src/share/examples/npf/l2tp_gw-npf.conf	Fri Sep 20 17:51:04 2013
@@ -19,7 +19,7 @@ procedure "log" {
 	log: npflog0
 }
 
-group (name "external", interface $ext_if) {
+group "external" on $ext_if {
 	#
 	# Allow DHCP requests (even to reserved addresses).
 	#
@@ -127,13 +127,13 @@ group (name "external", interface $ext_i
 	block return-rst in final proto tcp flags S/SA all apply "log"
 }
 
-group (name "internal", interface $int_if) {
+group "internal" on $int_if {
 	# Pass everything to internal networks,
 	# should be ok, because we are nat'ed.
 	pass final all
 }
 
-group (default) {
+group default {
 	# Loopback interface should allows packets to traverse it.
 	pass final on lo0 all
 	# For one L2TP tunnel, needs interface pre-created, post-destroyed

Reply via email to