diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-02-27 18:23:40 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-02-27 18:23:40 +0000 |
| commit | fd65dce822c9526f698c5f08ae844eaa21ec03a1 (patch) | |
| tree | dc5bd0c210f571f3e422ea373c51f33c125eef36 /regress/sbin/pfctl | |
| parent | 0112a0c2d5320ea0e4034b4db6908c62fc3b8dc8 (diff) | |
And adjust regress tests to match the rule number output.
Diffstat (limited to 'regress/sbin/pfctl')
| -rw-r--r-- | regress/sbin/pfctl/pf1.ok | 10 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf10.ok | 50 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf11.ok | 30 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf12.ok | 8 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf13.ok | 22 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf2.ok | 40 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf3.ok | 8 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf4.ok | 90 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf5.ok | 14 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf7.ok | 40 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf8.ok | 2 | ||||
| -rw-r--r-- | regress/sbin/pfctl/pf9.ok | 2 |
12 files changed, 158 insertions, 158 deletions
diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok index b3f7245d057..c9bf8d16971 100644 --- a/regress/sbin/pfctl/pf1.ok +++ b/regress/sbin/pfctl/pf1.ok @@ -1,6 +1,6 @@ @0 pass in all -@0 pass in all -@0 pass in proto tcp from any port <= 1024 to any label foo_bar -@0 pass in proto tcp from any to any port = smtp -@0 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3/32 port != ssh -@0 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1/32 allow-opts +@1 pass in all +@2 pass in proto tcp from any port <= 1024 to any label foo_bar +@3 pass in proto tcp from any to any port = smtp +@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3/32 port != ssh +@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1/32 allow-opts diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok index cb292b0a896..ba755ce573b 100644 --- a/regress/sbin/pfctl/pf10.ok +++ b/regress/sbin/pfctl/pf10.ok @@ -1,26 +1,26 @@ @0 pass in inet proto icmp all -@0 pass in inet6 proto ipv6-icmp all -@0 block in inet proto icmp all -@0 block in inet6 proto ipv6-icmp all -@0 block return-rst in inet proto icmp all -@0 block return-rst in inet6 proto ipv6-icmp all -@0 block return-icmp in inet proto icmp all -@0 block return-icmp(net-unr) in inet proto icmp all -@0 block return-icmp(net-unr) in inet proto icmp all -@0 block return-icmp(srcfail) in inet proto icmp all -@0 block return-icmp(srcfail) in inet proto icmp all -@0 block return-icmp(host-prohib) in inet proto icmp all -@0 block return-icmp(host-prohib) in inet proto icmp all -@0 block return-icmp(cutoff-preced) in inet proto icmp all -@0 block return-icmp(cutoff-preced) in inet proto icmp all -@0 block return-icmp6 in inet6 proto ipv6-icmp all -@0 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -@0 block return-icmp6 in inet6 proto ipv6-icmp all -@0 block return-icmp6 in inet6 proto ipv6-icmp all +@1 pass in inet6 proto ipv6-icmp all +@2 block in inet proto icmp all +@3 block in inet6 proto ipv6-icmp all +@4 block return-rst in inet proto icmp all +@5 block return-rst in inet6 proto ipv6-icmp all +@6 block return-icmp in inet proto icmp all +@7 block return-icmp(net-unr) in inet proto icmp all +@8 block return-icmp(net-unr) in inet proto icmp all +@9 block return-icmp(srcfail) in inet proto icmp all +@10 block return-icmp(srcfail) in inet proto icmp all +@11 block return-icmp(host-prohib) in inet proto icmp all +@12 block return-icmp(host-prohib) in inet proto icmp all +@13 block return-icmp(cutoff-preced) in inet proto icmp all +@14 block return-icmp(cutoff-preced) in inet proto icmp all +@15 block return-icmp6 in inet6 proto ipv6-icmp all +@16 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@17 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@18 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@19 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@20 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@21 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@22 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@23 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@24 block return-icmp6 in inet6 proto ipv6-icmp all +@25 block return-icmp6 in inet6 proto ipv6-icmp all diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok index 5a7f27b72f9..e73b60e0ab2 100644 --- a/regress/sbin/pfctl/pf11.ok +++ b/regress/sbin/pfctl/pf11.ok @@ -1,16 +1,16 @@ @0 pass in inet proto icmp all icmp-type echorep -@0 pass in inet proto icmp all icmp-type echorep code 0 -@0 pass in inet proto icmp all icmp-type 1 -@0 pass in inet proto icmp all icmp-type 1 code 1 -@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 -@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 -@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach -@0 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr -@0 block in inet proto icmp all icmp-type echorep -@0 block in inet proto icmp all icmp-type echorep code 0 -@0 block in inet proto icmp all icmp-type 1 -@0 block in inet proto icmp all icmp-type 1 code 1 -@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 -@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 -@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach -@0 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr +@1 pass in inet proto icmp all icmp-type echorep code 0 +@2 pass in inet proto icmp all icmp-type 1 +@3 pass in inet proto icmp all icmp-type 1 code 1 +@4 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +@5 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +@6 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +@7 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr +@8 block in inet proto icmp all icmp-type echorep +@9 block in inet proto icmp all icmp-type echorep code 0 +@10 block in inet proto icmp all icmp-type 1 +@11 block in inet proto icmp all icmp-type 1 code 1 +@12 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +@13 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +@14 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +@15 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr diff --git a/regress/sbin/pfctl/pf12.ok b/regress/sbin/pfctl/pf12.ok index 7577152029c..18d92f75316 100644 --- a/regress/sbin/pfctl/pf12.ok +++ b/regress/sbin/pfctl/pf12.ok @@ -1,5 +1,5 @@ @0 pass in inet from 127.0.0.1/32 to 127.0.0.1/8 -@0 pass in inet from 127.0.0.1/16 to 127.0.0.1/24 -@0 pass in inet from 127.0.0.1/25 to ! 127.0.0.1/26 -@0 pass in inet from ! 127.0.0.1/32 to 127.0.0.1/16 -@0 pass in inet from ! 127.0.0.1/32 to ! 127.0.0.1/8 +@1 pass in inet from 127.0.0.1/16 to 127.0.0.1/24 +@2 pass in inet from 127.0.0.1/25 to ! 127.0.0.1/26 +@3 pass in inet from ! 127.0.0.1/32 to 127.0.0.1/16 +@4 pass in inet from ! 127.0.0.1/32 to ! 127.0.0.1/8 diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 870ba872e54..00dffe49017 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -1,12 +1,12 @@ @0 pass in quick on enc0 fastroute all -@0 pass in quick on enc0 fastroute inet all -@0 pass in quick on enc0 fastroute inet6 all -@0 pass out quick on tun0 route-to tun1 all -@0 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1/32 -@0 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1/128 -@0 block in on tun0 dup-to tun1:192.168.1.1 inet proto tcp from any to any port = ftp -@0 block in on tun0 dup-to tun1:fec0::1 inet6 proto tcp from any to any port = ftp -@0 pass in quick on tun0 route-to tun1 inet from 192.168.1.1/32 to 10.1.1.1/32 -@0 pass in quick on tun0 route-to tun1 inet6 from fec0::1/64 to fec1::2/128 -@0 pass in quick on tun0 dup-to tun1:192.168.1.100 inet from 192.168.1.1/32 to 10.1.1.1/32 -@0 pass in quick on tun0 dup-to tun1:fec1::2 inet6 from fec0::1/64 to fec1::2/128 +@1 pass in quick on enc0 fastroute inet all +@2 pass in quick on enc0 fastroute inet6 all +@3 pass out quick on tun0 route-to tun1 all +@4 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1/32 +@5 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1/128 +@6 block in on tun0 dup-to tun1:192.168.1.1 inet proto tcp from any to any port = ftp +@7 block in on tun0 dup-to tun1:fec0::1 inet6 proto tcp from any to any port = ftp +@8 pass in quick on tun0 route-to tun1 inet from 192.168.1.1/32 to 10.1.1.1/32 +@9 pass in quick on tun0 route-to tun1 inet6 from fec0::1/64 to fec1::2/128 +@10 pass in quick on tun0 dup-to tun1:192.168.1.100 inet from 192.168.1.1/32 to 10.1.1.1/32 +@11 pass in quick on tun0 dup-to tun1:fec1::2 inet6 from fec0::1/64 to fec1::2/128 diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index 88b99c002da..55f37414c8f 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -1,21 +1,21 @@ @0 block out log on tun0 all -@0 block in log on tun0 all -@0 block return-rst out log on tun0 proto tcp all -@0 block return-rst in log on tun0 proto tcp all -@0 block return-icmp out log on tun0 proto udp all -@0 block return-icmp in log on tun0 proto udp all -@0 block out log quick on tun0 inet from ! 157.161.48.183/32 to any -@0 block in quick on tun0 inet from any to 255.255.255.255/32 -@0 block in log quick on tun0 inet from 10.0.0.0/8 to any -@0 block in log quick on tun0 inet from 172.16.0.0/12 to any -@0 block in log quick on tun0 inet from 192.168.0.0/16 to any -@0 block in log quick on tun0 inet from 255.255.255.255/32 to any -@0 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@0 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@0 pass out on tun0 proto udp all keep state -@0 pass in on tun0 proto udp from any to any port = domain keep state -@0 pass out on tun0 proto tcp all keep state -@0 pass in on tun0 proto tcp from any to any port = ssh keep state -@0 pass in on tun0 proto tcp from any to any port = smtp keep state -@0 pass in on tun0 proto tcp from any to any port = domain keep state -@0 pass in on tun0 proto tcp from any to any port = auth keep state +@1 block in log on tun0 all +@2 block return-rst out log on tun0 proto tcp all +@3 block return-rst in log on tun0 proto tcp all +@4 block return-icmp out log on tun0 proto udp all +@5 block return-icmp in log on tun0 proto udp all +@6 block out log quick on tun0 inet from ! 157.161.48.183/32 to any +@7 block in quick on tun0 inet from any to 255.255.255.255/32 +@8 block in log quick on tun0 inet from 10.0.0.0/8 to any +@9 block in log quick on tun0 inet from 172.16.0.0/12 to any +@10 block in log quick on tun0 inet from 192.168.0.0/16 to any +@11 block in log quick on tun0 inet from 255.255.255.255/32 to any +@12 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@13 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@14 pass out on tun0 proto udp all keep state +@15 pass in on tun0 proto udp from any to any port = domain keep state +@16 pass out on tun0 proto tcp all keep state +@17 pass in on tun0 proto tcp from any to any port = ssh keep state +@18 pass in on tun0 proto tcp from any to any port = smtp keep state +@19 pass in on tun0 proto tcp from any to any port = domain keep state +@20 pass in on tun0 proto tcp from any to any port = auth keep state diff --git a/regress/sbin/pfctl/pf3.ok b/regress/sbin/pfctl/pf3.ok index 0caf78f0176..ac5a1c893e2 100644 --- a/regress/sbin/pfctl/pf3.ok +++ b/regress/sbin/pfctl/pf3.ok @@ -1,5 +1,5 @@ @0 pass in all -@0 pass in all -@0 block in proto tcp all flags FPU/FSRPAU -@0 block in proto tcp all flags FS/FSRA -@0 block in proto tcp all flags /FSRA +@1 pass in all +@2 block in proto tcp all flags FPU/FSRPAU +@3 block in proto tcp all flags FS/FSRA +@4 block in proto tcp all flags /FSRA diff --git a/regress/sbin/pfctl/pf4.ok b/regress/sbin/pfctl/pf4.ok index 12924cea306..d3c017c357d 100644 --- a/regress/sbin/pfctl/pf4.ok +++ b/regress/sbin/pfctl/pf4.ok @@ -1,46 +1,46 @@ @0 block in all -@0 block in proto tcp all -@0 block in proto udp all -@0 block in proto tcp all -@0 block in all -@0 block in inet from 10.0.0.0/8 to any -@0 block in inet from ! 10.0.0.0/8 to any -@0 block in inet from 172.16.0.0/12 to any -@0 block in inet from 10.0.0.0/8 to any -@0 block in proto tcp from any port = ssh to any -@0 block in proto tcp from any port >= 80 to any -@0 block in proto tcp from any port != 1234 to any -@0 block in proto tcp from any port 21 >< 2048 to any -@0 block in proto tcp from any port = ssh to any -@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state -@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state +@1 block in proto tcp all +@2 block in proto udp all +@3 block in proto tcp all +@4 block in all +@5 block in inet from 10.0.0.0/8 to any +@6 block in inet from ! 10.0.0.0/8 to any +@7 block in inet from 172.16.0.0/12 to any +@8 block in inet from 10.0.0.0/8 to any +@9 block in proto tcp from any port = ssh to any +@10 block in proto tcp from any port >= 80 to any +@11 block in proto tcp from any port != 1234 to any +@12 block in proto tcp from any port 21 >< 2048 to any +@13 block in proto tcp from any port = ssh to any +@14 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6668 keep state +@15 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6667 keep state +@16 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 keep state +@17 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 keep state +@18 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state +@19 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state +@20 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state +@21 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state +@22 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6668 keep state +@23 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state +@24 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 keep state +@25 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 keep state +@26 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state +@27 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@28 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state +@29 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state +@30 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6668 keep state +@31 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6667 keep state +@32 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 keep state +@33 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 keep state +@34 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state +@35 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state +@36 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state +@37 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state +@38 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6668 keep state +@39 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6667 keep state +@40 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 keep state +@41 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 keep state +@42 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state +@43 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@44 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state +@45 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state diff --git a/regress/sbin/pfctl/pf5.ok b/regress/sbin/pfctl/pf5.ok index c059b3a32be..801c08d900c 100644 --- a/regress/sbin/pfctl/pf5.ok +++ b/regress/sbin/pfctl/pf5.ok @@ -2,10 +2,10 @@ foo = ssh, ftp bar = other thing inside = 10.0.0.0/8 @0 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78/32 port = 16 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 16 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 16 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 16 keep state -@0 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 6667 keep state +@1 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78/32 port = 6667 keep state +@2 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 16 keep state +@3 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state +@4 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 16 keep state +@5 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@6 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 16 keep state +@7 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 6667 keep state diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index 2a9b393ba70..16202ac16d8 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -1,21 +1,21 @@ @0 block out log on tun0 all -@0 block in log on tun0 all -@0 block return-rst out log on tun0 proto tcp all -@0 block return-rst in log on tun0 proto tcp all -@0 block return-icmp out log on tun0 proto udp all -@0 block return-icmp in log on tun0 proto udp all -@0 block out log quick on tun0 inet from ! 157.161.48.183/32 to any -@0 block in quick on tun0 inet from any to 255.255.255.255/32 -@0 block in log quick on tun0 inet from 10.0.0.0/8 to any -@0 block in log quick on tun0 inet from 172.16.0.0/12 to any -@0 block in log quick on tun0 inet from 192.168.0.0/16 to any -@0 block in log quick on tun0 inet from 255.255.255.255/32 to any -@0 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@0 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@0 pass out on tun0 proto udp all keep state -@0 pass in on tun0 proto udp from any to any port = domain keep state -@0 pass out on tun0 proto tcp all modulate state -@0 pass in on tun0 proto tcp from any to any port = ssh modulate state -@0 pass in on tun0 proto tcp from any to any port = smtp modulate state -@0 pass in on tun0 proto tcp from any to any port = domain modulate state -@0 pass in on tun0 proto tcp from any to any port = auth modulate state +@1 block in log on tun0 all +@2 block return-rst out log on tun0 proto tcp all +@3 block return-rst in log on tun0 proto tcp all +@4 block return-icmp out log on tun0 proto udp all +@5 block return-icmp in log on tun0 proto udp all +@6 block out log quick on tun0 inet from ! 157.161.48.183/32 to any +@7 block in quick on tun0 inet from any to 255.255.255.255/32 +@8 block in log quick on tun0 inet from 10.0.0.0/8 to any +@9 block in log quick on tun0 inet from 172.16.0.0/12 to any +@10 block in log quick on tun0 inet from 192.168.0.0/16 to any +@11 block in log quick on tun0 inet from 255.255.255.255/32 to any +@12 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@13 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@14 pass out on tun0 proto udp all keep state +@15 pass in on tun0 proto udp from any to any port = domain keep state +@16 pass out on tun0 proto tcp all modulate state +@17 pass in on tun0 proto tcp from any to any port = ssh modulate state +@18 pass in on tun0 proto tcp from any to any port = smtp modulate state +@19 pass in on tun0 proto tcp from any to any port = domain modulate state +@20 pass in on tun0 proto tcp from any to any port = auth modulate state diff --git a/regress/sbin/pfctl/pf8.ok b/regress/sbin/pfctl/pf8.ok index 7f881dab3bb..584758ac97c 100644 --- a/regress/sbin/pfctl/pf8.ok +++ b/regress/sbin/pfctl/pf8.ok @@ -1,3 +1,3 @@ extern = { ! 10.0.0.0/8, 10.1.2.3 } @0 block out log on tun1 inet from 10.1.2.3/32 to any -@0 block out log on tun1 inet from ! 10.0.0.0/8 to any +@1 block out log on tun1 inet from ! 10.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pf9.ok b/regress/sbin/pfctl/pf9.ok index 8c64f3e3331..46cc3ff19a1 100644 --- a/regress/sbin/pfctl/pf9.ok +++ b/regress/sbin/pfctl/pf9.ok @@ -1,3 +1,3 @@ interfaces = { enc0, tun0 } @0 block in on tun0 all -@0 block in on enc0 all +@1 block in on enc0 all |