xref: /titanic_41/usr/src/cmd/ipf/examples/example.5 (revision d58fda4376e4bf67072ce2e69f6f47036f9dbb68)
1#
2# test ruleset
3#
4# allow packets coming from foo to bar through.
5#
6pass in from 10.1.1.2 to 10.2.1.1
7#
8# allow any TCP packets from the same subnet as foo is on through to host
9# 10.1.1.2 if they are destined for port 6667.
10#
11pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
12#
13# allow in UDP packets which are NOT from port 53 and are destined for
14# localhost
15#
16pass in proto udp from 10.2.2.2 port != 53 to localhost
17#
18# block all ICMP unreachables.
19#
20block in proto icmp from any to any icmp-type unreach
21#
22# allow packets through which have a non-standard IP header length (ie there
23# are IP options such as source-routing present).
24#
25pass in from any to any with ipopts
26