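#
# Example: stateful TCP filtering and DNS-only UDP filtering on interface le0.
#
# Only allow TCP packets in/out of le0 when they belong to a connection that
# was opened from this side. IPFilter evaluates every rule and the last match
# decides, unless a matching rule carries "quick", which ends evaluation at
# once.
#
# "flags S/SAFR" examines SYN, ACK, FIN and RST and matches only when SYN
# alone is set, i.e. the first packet of an outgoing connection. "keep state"
# records that connection so its later packets, in either direction, are
# passed by the state table instead of reaching the block rules below.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
# Any other TCP on le0, including unsolicited inbound connection attempts,
# is dropped.
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# Allow nameserver queries and their replies to pass through, but no other
# UDP. UDP has no handshake, so "keep state" admits a reply only while the
# state entry created by the matching query is still live.
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all
#
# NOTE(review): these rules cover TCP and UDP on le0 only. Other protocols
# (ICMP, for instance) and other interfaces match nothing here and fall
# through to IPFilter's default policy; add explicit block rules if a
# default-deny posture is intended. Outbound TCP is allowed to any
# destination and port ("from any to any"); narrow that rule if egress
# control matters. Replace le0 with the local interface name.
#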