Re: The State of NPF?

2017-07-27 Thread John Nemeth
On Jul 24, 7:54pm, Ryan Brackenbury wrote: } } - NAT Hairpinning is troublesome. For the life of me, I cannot get it to NAT Hairpinning is just plain troublesome. } - NPF won't automatically reload the IPs on the interfaces if they change. } I have a cronjob doing `npfctl reload` every 5

Re: The State of NPF?

2017-07-26 Thread Christos Zoulas
On Jul 26, 8:53pm, acr...@gmail.com (Andy Ruhl) wrote: -- Subject: Re: The State of NPF? | On Wed, Jul 26, 2017 at 8:19 PM, Christos Zoulas <chris...@astron.com> wrote: | > Thanks for you detailed report. Yes, all these are known deficiencies. | > Some of them are easier to fix tha

Re: The State of NPF?

2017-07-26 Thread Andy Ruhl
On Wed, Jul 26, 2017 at 8:19 PM, Christos Zoulas wrote: > Thanks for you detailed report. Yes, all these are known deficiencies. > Some of them are easier to fix than others. We need to find someone to > work on them. I've saved a copy of your message and I hope to find the >

Re: The State of NPF?

2017-07-26 Thread Christos Zoulas
In article

Re: The State of NPF?

2017-07-25 Thread Jan Danielsson
On 07/25/17 01:54, Ryan Brackenbury wrote: [---] > - No UPnP support as far as I am aware It's surprisingly easy to add support for new packet filters to miniupnpd, so it's not a big task. The only current showstopper is that npf supports dynamic filtering rules but not dynamic NAT rules.

Re: The State of NPF?

2017-07-25 Thread Leonardo Taccari
Hello Ryan, sorry for the incomplemete response but I will just try to address the documentation part of it. Ryan Brackenbury writes: > [...] > - NPF documentation is also a bit of a sore point. The examples provided in > /usr/share do not cover all the common situations that might arise. I

Re: The State of NPF?

2017-07-25 Thread BERTRAND Joël
Ryan Brackenbury a écrit : - No QoS support (ALTQ only works with PF, as far as I am aware) I use ALTQ with NPF without any trouble on -7 and -8. ALTQ is mandatory to route VoIP over VPN. I always hear if ALTQ is stopped ;-) ftp-proxy doesn't work with NPF. I have tried to fix it without

The State of NPF?

2017-07-24 Thread Ryan Brackenbury
his theory. THE TL;DR - I am curious about the 'State of NPF' as it is now. I have not seen a lot of development on the NPF front, and it would be a real shame to let such a great firewall die off. So far, no other netfilter I have worked with has su