On Tue, Jul 08, 2025 at 03:56:23PM +0000, Emmanuel wrote: > Module Name: src > Committed By: joe > Date: Tue Jul 8 15:56:23 UTC 2025 > > Modified Files: > src/sys/net/npf: npf_handler.c > > Log Message: > Pass frames directly when no layer 2 rules are set > > NPF's original implementation of default pass is to block. i.e if the packet > matches absolutely > no rule even the default group. we cannot use that in layer 2 as well since > all frames will be > blocked when no rules are set for layer 2 and that would not be good. since > NPF is primarily > a layer 3 filter.
How could this have escape testing? All the npf tests should have failed if your description is correct. --chris
