rudolf <[email protected]> wrote:
> Hi,
>
> 1)
> I just noticed a bug in "npfctl show" output. In case of a rule with
> port numbers expressed using a variable (list), only the first of listed
> ports is displayed. Using the example from npf.conf(5) man page (only
> the significant parts):

There are known problems with "npfctl show". However, this component is
going to change significantly. There is a Google Summer of Code 2013
project for this work:

http://wiki.netbsd.org/projects/project/npf_bpf_unparser/

So, we are looking for talented students. :)

> 2)
> I was trying to use variables in a definition of a variable:
> $ext_ipv4_0 = 10.0.0.200
> $ext_ipv4_1 = 10.0.0.201
> $ext_ipv4 = { $ext_ipv4_0, $ext_ipv4_1 }
> pass stateful in final family inet proto tcp to $ext_ipv4 port ssh
>
> This is not possible, I get:
> variable 'ext_ipv4' is of type 'variable-id' not 'family-address-mask'
>
> Is this a feature or a bug?

Rather a lack of feature. This ought to be fixed.

> 3)
> Now tables are identified only as numbers, strings are converted to
> number 0. Are there plans to support strings (probably with the same
> naming rules as for the names of variables) as names of tables?
>
> 4)
> With IPF, I use the "-h" option of "ipfstat" command frequently (I
> usually do "ipfstat -hio"). It shows the number of times each rule
> scores a "hit". I can't find corresponding feature of npfctl. Are there
> plans to add it?

Yes, there are plans for both. There are some higher priority features
I plan to implement though, so do not hold your breath yet.

--
Mindaugas
