Hi,
I started to work with npf and want to learn how it works. I read npf.conf(5)
and http://rmind.github.io/npf/ but currently I'm still struggling with the
groups.
npf.conf(5): "NPF requires that all rules be defined within groups. Groups can be
thought of as higher level rules which can contain subrules. Groups may have the
following options: name, interface, and direction. Packets matching group criteria are
passed to the ruleset of that group. If a packet does not match any group, it is passed
to the default group. The default group must always be defined."
"... Groups can be thought of as higher level rules which can contain subrules
..."
Does that also mean groups can have sub-groups, like this?
    group "" in {
        ...
        group "" in on wm0 {
            ...
        }
    }
"... Packets matching group criteria are passed to the ruleset of that group.
..."
    group "" in {
        ...
    }
    group "" in on wm0 {
        ...
    }
Are incoming packets on wm0 passed to the rulesets of both groups (assume no
final keyword), or is it first-match-wins, or specific-prior-general, or ...?
"... Groups may have the following options: name, ..."
What is the intended use of the group names? When do I use/need them?
Kind regards
Thomas