block -> block drop

16 files changed, 106 insertions, 106 deletions

diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok
index df8c6c8a4f3..cc167a7b76b 100644
--- a/regress/sbin/pfctl/pf10.ok
+++ b/regress/sbin/pfctl/pf10.ok
@@ -1,7 +1,7 @@
 pass in inet proto icmp all 
 pass in inet6 proto ipv6-icmp all 
-block in inet proto icmp all 
-block in inet6 proto ipv6-icmp all 
+block drop in inet proto icmp all 
+block drop in inet6 proto ipv6-icmp all 
 block return-rst in inet proto tcp all 
 block return-rst in inet6 proto tcp all 
 block return-rst(ttl 10) in inet proto tcp all 
diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok
index 8e70086e4ca..78a677cc47b 100644
--- a/regress/sbin/pfctl/pf11.ok
+++ b/regress/sbin/pfctl/pf11.ok
@@ -6,13 +6,13 @@ pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0
 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 
 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach 
 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr 
-block in inet proto icmp all icmp-type echorep 
-block in inet proto icmp all icmp-type echorep code 0 
-block in inet proto icmp all icmp-type 1 
-block in inet proto icmp all icmp-type 1 code 1 
-block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 
-block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 
-block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach 
-block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr 
+block drop in inet proto icmp all icmp-type echorep 
+block drop in inet proto icmp all icmp-type echorep code 0 
+block drop in inet proto icmp all icmp-type 1 
+block drop in inet proto icmp all icmp-type 1 code 1 
+block drop in inet6 proto ipv6-icmp all ipv6-icmp-type 0 
+block drop in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 
+block drop in inet6 proto ipv6-icmp all ipv6-icmp-type unreach 
+block drop in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr 
 pass in inet proto icmp all icmp-type unreach code needfrag 
 pass in inet6 proto ipv6-icmp all ipv6-icmp-type timex code reassemb 
diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok
index 01b28384001..85e48745026 100644
--- a/regress/sbin/pfctl/pf13.ok
+++ b/regress/sbin/pfctl/pf13.ok
@@ -4,8 +4,8 @@ pass in quick on enc0 fastroute inet6 all
 pass out quick on tun0 route-to tun1 inet all 
 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 
 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 
-block in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp 
-block in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp 
+block drop in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp 
+block drop in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp 
 pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 
 pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 
 pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 
diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok
index 22c078521eb..e65d48d05fe 100644
--- a/regress/sbin/pfctl/pf2.ok
+++ b/regress/sbin/pfctl/pf2.ok
@@ -1,16 +1,16 @@
-block out log on tun0 all 
-block in log on tun0 all 
+block drop out log on tun0 all 
+block drop in log on tun0 all 
 block return-rst out log on tun0 proto tcp all 
 block return-rst in log on tun0 proto tcp all 
 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all 
 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all 
-block out log quick on tun0 inet from ! 157.161.48.183 to any 
-block in quick on tun0 inet from any to 255.255.255.255 
-block in log quick on tun0 inet from 10.0.0.0/8 to any 
-block in log quick on tun0 inet from 172.16.0.0/12 to any 
-block in log quick on tun0 inet from 192.168.0.0/16 to any 
-block in log quick on tun0 inet from 255.255.255.255 to any 
-block in log quick from no-route to any 
+block drop out log quick on tun0 inet from ! 157.161.48.183 to any 
+block drop in quick on tun0 inet from any to 255.255.255.255 
+block drop in log quick on tun0 inet from 10.0.0.0/8 to any 
+block drop in log quick on tun0 inet from 172.16.0.0/12 to any 
+block drop in log quick on tun0 inet from 192.168.0.0/16 to any 
+block drop in log quick on tun0 inet from 255.255.255.255 to any 
+block drop in log quick from no-route to any 
 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state 
 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state 
 pass out on tun0 proto udp all keep state 
diff --git a/regress/sbin/pfctl/pf23.ok b/regress/sbin/pfctl/pf23.ok
index e41a3e261ba..b0a7d83eb71 100644
--- a/regress/sbin/pfctl/pf23.ok
+++ b/regress/sbin/pfctl/pf23.ok
@@ -1 +1 @@
-block in on ! lo0 all 
+block drop in on ! lo0 all 
diff --git a/regress/sbin/pfctl/pf25.ok b/regress/sbin/pfctl/pf25.ok
index 6f1ea1ec526..a6efe4aed77 100644
--- a/regress/sbin/pfctl/pf25.ok
+++ b/regress/sbin/pfctl/pf25.ok
@@ -1,3 +1,3 @@
-block in on ! lo0 inet from 127.0.0.0/8 to any 
-block in on ! lo0 inet6 from ::1 to any 
-block in log quick on ! lo0 inet from 127.0.0.0/8 to any 
+block drop in on ! lo0 inet from 127.0.0.0/8 to any 
+block drop in on ! lo0 inet6 from ::1 to any 
+block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any 
diff --git a/regress/sbin/pfctl/pf26.ok b/regress/sbin/pfctl/pf26.ok
index 99b0c34630b..1c2df4229ef 100644
--- a/regress/sbin/pfctl/pf26.ok
+++ b/regress/sbin/pfctl/pf26.ok
@@ -1,2 +1,2 @@
-block in on lo0 inet from ! (lo0) to any 
-block out on lo0 inet from any to ! (lo0) 
+block drop in on lo0 inet from ! (lo0) to any 
+block drop out on lo0 inet from any to ! (lo0) 
diff --git a/regress/sbin/pfctl/pf28.ok b/regress/sbin/pfctl/pf28.ok
index 11322152bf7..38b349ef845 100644
--- a/regress/sbin/pfctl/pf28.ok
+++ b/regress/sbin/pfctl/pf28.ok
@@ -1,6 +1,6 @@
-block in log-all quick on lo0 all 
-block in log quick on lo0 all 
-block in log-all quick on lo0 all 
-block in log quick on lo0 all 
-block in log on lo0 all 
-block in log-all on lo0 all 
+block drop in log-all quick on lo0 all 
+block drop in log quick on lo0 all 
+block drop in log-all quick on lo0 all 
+block drop in log quick on lo0 all 
+block drop in log on lo0 all 
+block drop in log-all on lo0 all 
diff --git a/regress/sbin/pfctl/pf3.ok b/regress/sbin/pfctl/pf3.ok
index 20866b6dd18..a8ae29581c6 100644
--- a/regress/sbin/pfctl/pf3.ok
+++ b/regress/sbin/pfctl/pf3.ok
@@ -1,8 +1,8 @@
 pass in all 
 pass in all 
-block in proto tcp all flags FPUEW/FSRPAUEW 
-block in proto tcp all flags FS/FSRA 
-block in proto tcp all flags /FSRAW 
+block drop in proto tcp all flags FPUEW/FSRPAUEW 
+block drop in proto tcp all flags FS/FSRA 
+block drop in proto tcp all flags /FSRAW 
 pass in proto udp all 
 pass in proto icmp all 
 pass in proto tcp all flags S/SA 
diff --git a/regress/sbin/pfctl/pf30.ok b/regress/sbin/pfctl/pf30.ok
index 46509924aab..66742b12af2 100644
--- a/regress/sbin/pfctl/pf30.ok
+++ b/regress/sbin/pfctl/pf30.ok
@@ -1 +1 @@
-block in on lo0 all 
+block drop in on lo0 all 
diff --git a/regress/sbin/pfctl/pf31.ok b/regress/sbin/pfctl/pf31.ok
index a8664622b04..a44ee5f2b25 100644
--- a/regress/sbin/pfctl/pf31.ok
+++ b/regress/sbin/pfctl/pf31.ok
@@ -3,9 +3,9 @@ set block-policy return
 block return in on lo0 all 
 block return in on lo0 inet all 
 block return in on lo0 inet6 all 
-block in on lo0 all 
-block in on lo0 inet all 
-block in on lo0 inet6 all 
+block drop in on lo0 all 
+block drop in on lo0 inet all 
+block drop in on lo0 inet6 all 
 block return in on lo0 all 
 block return in on lo0 inet all 
 block return in on lo0 inet6 all 
diff --git a/regress/sbin/pfctl/pf4.ok b/regress/sbin/pfctl/pf4.ok
index 6c1a3f504e2..d51cc9a3d94 100644
--- a/regress/sbin/pfctl/pf4.ok
+++ b/regress/sbin/pfctl/pf4.ok
@@ -1,46 +1,46 @@
-block in all 
-block in proto tcp all 
-block in proto tcp all 
-block in proto udp all 
-block in all 
-block in inet from 10.0.0.0/8 to any 
-block in inet from ! 10.0.0.0/8 to any 
-block in inet from 10.0.0.0/8 to any 
-block in inet from 172.16.0.0/12 to any 
-block in proto tcp from any port = ssh to any 
-block in proto tcp from any port = ssh to any 
-block in proto tcp from any port 21 >< 2048 to any 
-block in proto tcp from any port != 1234 to any 
-block in proto tcp from any port >= 80 to any 
-block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 
-block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 
-block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
-block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 
-block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 
-block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 
-block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 
-block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 
-block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 
-block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 
-block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 
-block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 
-block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 
-block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 
-block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 
-block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 
-block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 
-block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 
-block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 
-block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 
-block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 
-block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 
-block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 
-block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 
+block drop in all 
+block drop in proto tcp all 
+block drop in proto tcp all 
+block drop in proto udp all 
+block drop in all 
+block drop in inet from 10.0.0.0/8 to any 
+block drop in inet from ! 10.0.0.0/8 to any 
+block drop in inet from 10.0.0.0/8 to any 
+block drop in inet from 172.16.0.0/12 to any 
+block drop in proto tcp from any port = ssh to any 
+block drop in proto tcp from any port = ssh to any 
+block drop in proto tcp from any port 21 >< 2048 to any 
+block drop in proto tcp from any port != 1234 to any 
+block drop in proto tcp from any port >= 80 to any 
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 
+block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 
+block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 
+block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 
diff --git a/regress/sbin/pfctl/pf5.ok b/regress/sbin/pfctl/pf5.ok
index a09f801d6b2..930c6af6074 100644
--- a/regress/sbin/pfctl/pf5.ok
+++ b/regress/sbin/pfctl/pf5.ok
@@ -1,11 +1,11 @@
 foo = "ssh, ftp"
 bar = "other thing"
 inside = "10.0.0.0/8"
-block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 
-block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 
-block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 
+block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 
+block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 
diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok
index 627f72c3a79..295f2f8074a 100644
--- a/regress/sbin/pfctl/pf7.ok
+++ b/regress/sbin/pfctl/pf7.ok
@@ -1,15 +1,15 @@
-block out log on tun0 all 
-block in log on tun0 all 
+block drop out log on tun0 all 
+block drop in log on tun0 all 
 block return-rst out log on tun0 proto tcp all 
 block return-rst in log on tun0 proto tcp all 
 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all 
 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all 
-block out log quick on tun0 inet from ! 157.161.48.183 to any 
-block in quick on tun0 inet from any to 255.255.255.255 
-block in log quick on tun0 inet from 10.0.0.0/8 to any 
-block in log quick on tun0 inet from 172.16.0.0/12 to any 
-block in log quick on tun0 inet from 192.168.0.0/16 to any 
-block in log quick on tun0 inet from 255.255.255.255 to any 
+block drop out log quick on tun0 inet from ! 157.161.48.183 to any 
+block drop in quick on tun0 inet from any to 255.255.255.255 
+block drop in log quick on tun0 inet from 10.0.0.0/8 to any 
+block drop in log quick on tun0 inet from 172.16.0.0/12 to any 
+block drop in log quick on tun0 inet from 192.168.0.0/16 to any 
+block drop in log quick on tun0 inet from 255.255.255.255 to any 
 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state 
 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state 
 pass out on tun0 proto udp all keep state 
diff --git a/regress/sbin/pfctl/pf8.ok b/regress/sbin/pfctl/pf8.ok
index 7b73977d705..ecf95275649 100644
--- a/regress/sbin/pfctl/pf8.ok
+++ b/regress/sbin/pfctl/pf8.ok
@@ -1,3 +1,3 @@
 extern = "{ ! 10.0.0.0/8, 10.1.2.3 }"
-block out log on tun1 inet from ! 10.0.0.0/8 to any 
-block out log on tun1 inet from 10.1.2.3 to any 
+block drop out log on tun1 inet from ! 10.0.0.0/8 to any 
+block drop out log on tun1 inet from 10.1.2.3 to any 
diff --git a/regress/sbin/pfctl/pf9.ok b/regress/sbin/pfctl/pf9.ok
index 05be5804c6d..7e4c7f27352 100644
--- a/regress/sbin/pfctl/pf9.ok
+++ b/regress/sbin/pfctl/pf9.ok
@@ -1,3 +1,3 @@
 interfaces = "{ enc0, tun0 }"
-block in on enc0 all 
-block in on tun0 all 
+block drop in on enc0 all 
+block drop in on tun0 all