xref: /freebsd/sbin/pfctl/tests/files/pf0007.ok (revision 6683132d54bd6d589889e43dabdc53d35e38a028)
1block drop out log on tun1000000 all
2block drop in log on tun1000000 all
3block return-rst out log on tun1000000 proto tcp all
4block return-rst in log on tun1000000 proto tcp all
5block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
6block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
7block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
8block drop in quick on tun1000000 inet from any to 255.255.255.255
9block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
10block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
11block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
12block drop in log quick on tun1000000 inet from 255.255.255.255 to any
13pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
14pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
15pass out on tun1000000 proto udp all keep state
16pass in on tun1000000 proto udp from any to any port = domain keep state
17pass out on tun1000000 proto tcp all flags S/SA modulate state
18pass in on tun1000000 proto tcp all flags S/SA modulate state
19pass in on tun1000000 proto udp all keep state
20pass in on tun1000000 proto icmp all keep state
21pass in on tun1000000 proto udp all keep state
22pass in on tun1000000 proto tcp all flags S/SA synproxy state
23pass in on tun1000000 proto icmp all keep state
24pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
25pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
26pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
27pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
28