netbsd pf is way too old, and it looks like their plan is to not update, but to convince people to use another new filter written from scratch and used by a handful of people.
Good luck.

> I installed netbsd on raspberry pi and intend to
> use pf as a firewall. Seems that pf version on the
> current (7.99.1) is about 4.2 or 4.3 openbsd version.
> I am aware that I might stay locked out if
> I make a mistake, since the node is ssh reachable.
> At first, I would start pf and stay with an option
> to have new start:
>
> # pfctl -f /etc/pf.conf; shutdown -r +10
>
> What bothers me are rules, that could be a mismatch.
> In fact, it is basic one node configuration like:
>
> set skip on lo0
> match in all scrub (no-df)
> block in all
> block out all
> pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state
> pass in on fxp0 proto tcp from any to any port ssh
>
> Would this be enough for old version on netbsd or
> I have to change the syntax?
> Best regards
>
> Zoran