diff options
| author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-25 21:54:27 +0000 |
|---|---|---|
| committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2001-08-25 21:54:27 +0000 |
| commit | f00d16aa4fbd32becd24a08c97723cc515d6e839 (patch) | |
| tree | e0feb293994276b51611926e71e518b4844c1084 /regress/sbin/pfctl/pf7.ok | |
| parent | ab1d7a2717833d8c2829339059cfe38422f0ca31 (diff) | |
PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.
Diffstat (limited to 'regress/sbin/pfctl/pf7.ok')
| -rw-r--r-- | regress/sbin/pfctl/pf7.ok | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok new file mode 100644 index 00000000000..09739abe061 --- /dev/null +++ b/regress/sbin/pfctl/pf7.ok @@ -0,0 +1,21 @@ +@1 block out log on kue0 all +@1 block in log on kue0 all +@1 block return-rst out log on kue0 proto tcp all +@1 block return-rst in log on kue0 proto tcp all +@1 block return-icmp out log on kue0 proto udp all +@1 block return-icmp in log on kue0 proto udp all +@1 block out log quick on kue0 from ! 157.161.48.183 to any +@1 block in quick on kue0 from any to 255.255.255.255 +@1 block in log quick on kue0 from 10.0.0.0/255.0.0.0 to any +@1 block in log quick on kue0 from 172.16.0.0/255.240.0.0 to any +@1 block in log quick on kue0 from 192.168.0.0/255.255.0.0 to any +@1 block in log quick on kue0 from 255.255.255.255 to any +@1 pass out on kue0 proto icmp all icmp-type echoreq code 0 keep state +@1 pass in on kue0 proto icmp all icmp-type echoreq code 0 keep state +@1 pass out on kue0 proto udp all keep state +@1 pass in on kue0 proto udp from any to any port = domain keep state +@1 pass out on kue0 proto tcp all modulate state +@1 pass in on kue0 proto tcp from any to any port = ssh modulate state +@1 pass in on kue0 proto tcp from any to any port = smtp modulate state +@1 pass in on kue0 proto tcp from any to any port = domain modulate state +@1 pass in on kue0 proto tcp from any to any port = auth modulate state |