# $NetBSD: npf.boot.conf,v 1.2 2019/04/07 02:08:08 sevan Exp $
#
# /etc/defaults/npf.boot.conf --
#	initial configuration for npf(4)
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/npf.boot.conf INSTEAD.
#
# Purpose: a minimal default-deny ruleset that admits only the traffic a
# host needs to bring its network up (loopback, DNS, ping, DHCP, IPv6
# neighbor discovery, CARP).
# NOTE(review): presumably in effect only until the full npf.conf ruleset
# is loaded -- confirm against the rc.d script that loads this file.
#
# Rule evaluation: none of the rules below use "final", so the last
# matching rule in the group decides the verdict. "block all" therefore
# has to stay first, and every later "pass" is an exception to it.
# Keep that order when copying rules into /etc/npf.boot.conf.
#

# Keep BPF JIT compilation off for this ruleset.
set bpf.jit off

group default {
	# Default deny: anything not matched by a later pass rule is dropped,
	# in both directions and on every interface.
	block all

	# Don't block loopback.
	pass on lo0 all

	# Allow outgoing DNS.
	# Matches on destination port "domain" only; no "proto" is written,
	# so the rule is not limited to a single transport protocol.
	# "stateful" lets the replies back in through the state entry, so no
	# separate inbound rule is needed.
	pass stateful out to any port domain

	# Allow outgoing ping request, might be used by a DHCP client to validate
	# old (but valid) leases in case it needs to fall back to such a lease
	# (the DHCP server can be down or not responding).
	# Outbound echo requests only; the echo reply returns via the state
	# entry. Inbound echo requests stay blocked by the default deny.
	pass stateful out proto icmp icmp-type echo all

	# Allow DHCP
	# Both rules are stateless and are not bound to an interface or to an
	# address: the inbound rule accepts any IPv4 UDP packet whose source
	# port is bootps and destination port is bootpc.
	# NOTE(review): if the DHCP-facing interface is known, restricting
	# these rules to it in /etc/npf.boot.conf narrows the exposure.
	pass out family inet4 proto udp from any port bootpc to any port bootps
	pass in family inet4 proto udp from any port bootps to any port bootpc

	# Allow IPv6 router/neighbor solicitation and advertisement.
	# Router solicitations go out and router advertisements come in;
	# neighbor solicitations are passed outbound only, while the neighadv
	# rule has no direction keyword and so matches both in and out.
	# All four rules are stateless and match any source and destination.
	pass out family inet6 proto ipv6-icmp icmp-type rtsol all
	pass in family inet6 proto ipv6-icmp icmp-type rtadv all
	pass out family inet6 proto ipv6-icmp icmp-type neighsol all
	pass family inet6 proto ipv6-icmp icmp-type neighadv all

	# Enable CARP, to avoid spurious failovers.
	# No direction or interface is given, so CARP is passed both ways on
	# every interface, from any source.
	pass proto carp all
}