]> CyberLeo.Net >> Repos - FreeBSD/releng/10.0.git/blob - contrib/ipfilter/rules/tcpstate
projects / FreeBSD / releng / 10.0.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- Copy stable/10 (r259064) to releng/10.0 as part of the
[FreeBSD/releng/10.0.git] / contrib / ipfilter / rules / tcpstate
1 #
2 # Only allow TCP packets in/out of le0 if there is an outgoing connection setup
3 # somewhere, waiting for it.
4 #
5 pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
6 block out on le0 proto tcp all
7 block in on le0 proto tcp all
8 #
9 # allow nameserver queries and replies to pass through, but no other UDP
10 #
11 pass out quick on le0 proto udp from any to any port = 53 keep state
12 block out on le0 proto udp all
13 block in on le0 proto udp all
10.0-RELEASE