1 block drop out log on tun1000000 all
2 block drop in log on tun1000000 all
3 block return-rst out log on tun1000000 proto tcp all
4 block return-rst in log on tun1000000 proto tcp all
5 block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
6 block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
7 block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
8 block drop in quick on tun1000000 inet from any to 255.255.255.255
9 block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
10 block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
11 block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
12 block drop in log quick on tun1000000 inet from 255.255.255.255 to any
13 pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
14 pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
15 pass out on tun1000000 proto udp all keep state
16 pass in on tun1000000 proto udp from any to any port = domain keep state
17 pass out on tun1000000 proto tcp all flags S/SA modulate state
18 pass in on tun1000000 proto tcp all flags S/SA modulate state
19 pass in on tun1000000 proto udp all keep state
20 pass in on tun1000000 proto icmp all keep state
21 pass in on tun1000000 proto udp all keep state
22 pass in on tun1000000 proto tcp all flags S/SA synproxy state
23 pass in on tun1000000 proto icmp all keep state
24 pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
25 pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
26 pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
27 pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
projects / FreeBSD / FreeBSD.git / blob