Much as I'd like to migrate to npf, it still lacks features critical to my internet connection.

Multihomed interfaces, particularly where one or more addresses are dynamic, are an all-or-nothing proposition. To track dynamic addresses, one must apply the same rules to ALL addresses, not different rules for different addresses/networks. In my case, my external interface has a private address to communicate with the ADSL modem's status/config interface AND a dynamic address assigned by my ISP via DHCP. I need to track the dynamic address, but the two addresses/networks require different rule sets.

I still require a properly proxied FTP capability. I don't recall if npf has grown this since it was last discussed years ago.

So, 'pf' meets my needs, but 'npf' does not (yet--there was some discussion about syntax for filtering the address list returned for dynamic tracking, but I have not seen any commits claiming to implement this).

-- 
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ /  jdbaker[snail]consolidated[flyspeck]net  OpenBSD    FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8  D3F4 BD99 9572 8F23 E4AD 1645
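As an added illustration (not part of the post above, and not the poster's own configuration), here is a pf.conf fragment sketching the arrangement described: one external interface carrying a static private alias for the modem and a DHCP-assigned ISP address, with a separate rule set for each. The interface name, addresses and ports are assumptions; the mechanism shown is pf's `(interface)` syntax, which re-reads the interface's addresses at evaluation time.

```pf
# Added example, not from the original post. Interface and address values
# are assumptions standing in for the poster's setup.
ext_if    = "wm0"             # assumed: NIC facing the ADSL modem
modem     = "192.168.1.1"     # assumed: modem status/config address
modem_me  = "192.168.1.2"     # assumed: this host's static private alias on $ext_if
modem_net = "192.168.1.0/24"  # assumed: the private link to the modem

set skip on lo0
block all

# Rule set 1: the static private address. Only management traffic to the
# modem, only from our private alias, and nothing else on that network in
# either direction. "quick" stops evaluation here so the dynamic rules
# below never see these packets.
pass out quick on $ext_if inet proto tcp from $modem_me to $modem port { 80, 443 } keep state
pass out quick on $ext_if inet proto icmp from $modem_me to $modem_net keep state
block quick on $ext_if inet from $modem_net to any
block quick on $ext_if inet from any to $modem_net

# Rule set 2: the dynamic ISP address. Parentheses make pf look up the
# interface's current addresses whenever a packet is evaluated, so a DHCP
# renewal with a new lease needs no ruleset reload. The lookup expands to
# ALL addresses on the interface, private alias included; that is why the
# static rules above come first and carry "quick".
pass in quick on $ext_if inet proto udp from any port 67 to any port 68 keep state  # DHCP replies
pass out on $ext_if inet from ($ext_if) to any keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh keep state
```

Check the fragment with `pfctl -nf /etc/pf.conf` before loading it; the separation relies on the static rules being listed first, since a `($ext_if)` lookup alone cannot tell the two addresses apart.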