diff options
| author | Cedric Berger <cedric@cvs.openbsd.org> | 2003-07-29 20:28:35 +0000 |
|---|---|---|
| committer | Cedric Berger <cedric@cvs.openbsd.org> | 2003-07-29 20:28:35 +0000 |
| commit | 53593b8c8e36b38cb706b79fa887ea04005cd315 (patch) | |
| tree | b3d4a34251d84c4ab010aa26fa3ce8618e398ead /regress | |
| parent | b86fd036e8341bc573bb9d853ff0a0699a0f4dbf (diff) | |
Big Sync
Diffstat (limited to 'regress')
122 files changed, 1211 insertions, 1211 deletions
diff --git a/regress/sbin/pfctl/pf1.loaded b/regress/sbin/pfctl/pf1.loaded index 7f7171f684f..7bcd2c4f8e2 100644 --- a/regress/sbin/pfctl/pf1.loaded +++ b/regress/sbin/pfctl/pf1.loaded @@ -1,32 +1,32 @@ -@0 pass in all +@0 pass in all [ Skip steps: i=end d=end f=4 p=2 sa=4 sp=2 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all +@1 pass in all [ Skip steps: i=end d=end f=4 sa=4 da=4 dp=3 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in proto tcp from any port <= 1024 to any label "foo_bar" +@2 pass in proto tcp from any port <= 1024 to any label "foo_bar" [ Skip steps: i=end d=end f=4 p=5 sa=4 da=4 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in proto tcp from any to any port = smtp +@3 pass in proto tcp from any to any port = smtp [ Skip steps: i=end d=end p=5 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh +@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh [ Skip steps: i=end d=end f=end sa=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts [ Skip steps: i=end d=end f=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" +@6 pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" +@7 pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok index b5d53258a52..4b2df4433d4 100644 --- a/regress/sbin/pfctl/pf1.ok +++ b/regress/sbin/pfctl/pf1.ok @@ -1,8 +1,8 @@ -pass in all -pass in all -pass in proto tcp from any port <= 1024 to any label "foo_bar" -pass in proto tcp from any to any port = smtp -pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh -pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts -pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" -pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" +pass in all +pass in all +pass in proto tcp from any port <= 1024 to any label "foo_bar" +pass in proto tcp from any to any port = smtp +pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh +pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +pass in inet proto tcp from 1.2.3.4 to any label "6:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any label "7:tcp:1.2.3.5::any:" diff --git a/regress/sbin/pfctl/pf10.loaded b/regress/sbin/pfctl/pf10.loaded index 0494efd1e94..616a3207ffe 100644 --- a/regress/sbin/pfctl/pf10.loaded +++ b/regress/sbin/pfctl/pf10.loaded @@ -1,120 +1,120 @@ -@0 pass in inet proto icmp all +@0 pass in inet proto icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 proto ipv6-icmp all +@1 pass in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in inet proto icmp all +@2 block drop in inet proto icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in inet6 proto ipv6-icmp all +@3 block drop in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block return-rst in inet proto tcp all +@4 block return-rst in inet proto tcp all [ Skip steps: i=end d=end p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block return-rst in inet6 proto tcp all +@5 block return-rst in inet6 proto tcp all [ Skip steps: i=end d=end p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block return-rst(ttl 10) in inet proto tcp all +@6 block return-rst(ttl 10) in inet proto tcp all [ Skip steps: i=end d=end p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block return-rst(ttl 10) in inet6 proto tcp all +@7 block return-rst(ttl 10) in inet6 proto tcp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block return-icmp(port-unr) in inet proto icmp all +@8 block return-icmp(port-unr) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block return-icmp(net-unr) in inet proto icmp all +@9 block return-icmp(net-unr) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block return-icmp(net-unr) in inet proto icmp all +@10 block return-icmp(net-unr) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block return-icmp(srcfail) in inet proto icmp all +@11 block return-icmp(srcfail) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block return-icmp(srcfail) in inet proto icmp all +@12 block return-icmp(srcfail) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 block return-icmp(host-prohib) in inet proto icmp all +@13 block return-icmp(host-prohib) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 block return-icmp(host-prohib) in inet proto icmp all +@14 block return-icmp(host-prohib) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 block return-icmp(cutoff-preced) in inet proto icmp all +@15 block return-icmp(cutoff-preced) in inet proto icmp all [ Skip steps: i=end d=end f=17 p=17 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 block return-icmp(cutoff-preced) in inet proto icmp all +@16 block return-icmp(cutoff-preced) in inet proto icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +@17 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@18 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +@19 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@20 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +@21 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@22 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +@23 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@24 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +@25 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +@26 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end f=28 p=28 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +@27 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 block return-icmp(srcfail, admin-unr) in all +@28 block return-icmp(srcfail, admin-unr) in all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 block return-icmp(srcfail, admin-unr) in all +@29 block return-icmp(srcfail, admin-unr) in all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok index cc167a7b76b..4b331a33da3 100644 --- a/regress/sbin/pfctl/pf10.ok +++ b/regress/sbin/pfctl/pf10.ok @@ -1,30 +1,30 @@ -pass in inet proto icmp all -pass in inet6 proto ipv6-icmp all -block drop in inet proto icmp all -block drop in inet6 proto ipv6-icmp all -block return-rst in inet proto tcp all -block return-rst in inet6 proto tcp all -block return-rst(ttl 10) in inet proto tcp all -block return-rst(ttl 10) in inet6 proto tcp all -block return-icmp(port-unr) in inet proto icmp all -block return-icmp(net-unr) in inet proto icmp all -block return-icmp(net-unr) in inet proto icmp all -block return-icmp(srcfail) in inet proto icmp all -block return-icmp(srcfail) in inet proto icmp all -block return-icmp(host-prohib) in inet proto icmp all -block return-icmp(host-prohib) in inet proto icmp all -block return-icmp(cutoff-preced) in inet proto icmp all -block return-icmp(cutoff-preced) in inet proto icmp all -block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -block return-icmp(srcfail, admin-unr) in all -block return-icmp(srcfail, admin-unr) in all +pass in inet proto icmp all +pass in inet6 proto ipv6-icmp all +block drop in inet proto icmp all +block drop in inet6 proto ipv6-icmp all +block return-rst in inet proto tcp all +block return-rst in inet6 proto tcp all +block return-rst(ttl 10) in inet proto tcp all +block return-rst(ttl 10) in inet6 proto tcp all +block return-icmp(port-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp(srcfail, admin-unr) in all +block return-icmp(srcfail, admin-unr) in all diff --git a/regress/sbin/pfctl/pf11.loaded b/regress/sbin/pfctl/pf11.loaded index 8c324fcf9fc..a72c3b51d96 100644 --- a/regress/sbin/pfctl/pf11.loaded +++ b/regress/sbin/pfctl/pf11.loaded @@ -1,72 +1,72 @@ -@0 pass in inet proto icmp all icmp-type echorep +@0 pass in inet proto icmp all icmp-type echorep [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet proto icmp all icmp-type echorep code 0 +@1 pass in inet proto icmp all icmp-type echorep code 0 [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet proto icmp all icmp-type 1 +@2 pass in inet proto icmp all icmp-type 1 [ Skip steps: i=end d=end f=4 p=4 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet proto icmp all icmp-type 1 code 1 +@3 pass in inet proto icmp all icmp-type 1 code 1 [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 +@4 pass in inet6 proto ipv6-icmp all icmp6-type 0 [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +@5 pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach +@6 pass in inet6 proto ipv6-icmp all icmp6-type unreach [ Skip steps: i=end d=end f=8 p=8 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +@7 pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in inet proto icmp all icmp-type echorep +@8 block drop in inet proto icmp all icmp-type echorep [ Skip steps: i=end d=end f=12 p=12 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop in inet proto icmp all icmp-type echorep code 0 +@9 block drop in inet proto icmp all icmp-type echorep code 0 [ Skip steps: i=end d=end f=12 p=12 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in inet proto icmp all icmp-type 1 +@10 block drop in inet proto icmp all icmp-type 1 [ Skip steps: i=end d=end f=12 p=12 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in inet proto icmp all icmp-type 1 code 1 +@11 block drop in inet proto icmp all icmp-type 1 code 1 [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block drop in inet6 proto ipv6-icmp all icmp6-type 0 +@12 block drop in inet6 proto ipv6-icmp all icmp6-type 0 [ Skip steps: i=end d=end f=16 p=16 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +@13 block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 [ Skip steps: i=end d=end f=16 p=16 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 block drop in inet6 proto ipv6-icmp all icmp6-type unreach +@14 block drop in inet6 proto ipv6-icmp all icmp6-type unreach [ Skip steps: i=end d=end f=16 p=16 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +@15 block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in inet proto icmp all icmp-type unreach code needfrag +@16 pass in inet proto icmp all icmp-type unreach code needfrag [ Skip steps: i=end d=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb +@17 pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok index 40c68936752..a7dbcb85fe5 100644 --- a/regress/sbin/pfctl/pf11.ok +++ b/regress/sbin/pfctl/pf11.ok @@ -1,18 +1,18 @@ -pass in inet proto icmp all icmp-type echorep -pass in inet proto icmp all icmp-type echorep code 0 -pass in inet proto icmp all icmp-type 1 -pass in inet proto icmp all icmp-type 1 code 1 -pass in inet6 proto ipv6-icmp all icmp6-type 0 -pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 -pass in inet6 proto ipv6-icmp all icmp6-type unreach -pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr -block drop in inet proto icmp all icmp-type echorep -block drop in inet proto icmp all icmp-type echorep code 0 -block drop in inet proto icmp all icmp-type 1 -block drop in inet proto icmp all icmp-type 1 code 1 -block drop in inet6 proto ipv6-icmp all icmp6-type 0 -block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 -block drop in inet6 proto ipv6-icmp all icmp6-type unreach -block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr -pass in inet proto icmp all icmp-type unreach code needfrag -pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb +pass in inet proto icmp all icmp-type echorep +pass in inet proto icmp all icmp-type echorep code 0 +pass in inet proto icmp all icmp-type 1 +pass in inet proto icmp all icmp-type 1 code 1 +pass in inet6 proto ipv6-icmp all icmp6-type 0 +pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +pass in inet6 proto ipv6-icmp all icmp6-type unreach +pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +block drop in inet proto icmp all icmp-type echorep +block drop in inet proto icmp all icmp-type echorep code 0 +block drop in inet proto icmp all icmp-type 1 +block drop in inet proto icmp all icmp-type 1 code 1 +block drop in inet6 proto ipv6-icmp all icmp6-type 0 +block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +block drop in inet6 proto ipv6-icmp all icmp6-type unreach +block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +pass in inet proto icmp all icmp-type unreach code needfrag +pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb diff --git a/regress/sbin/pfctl/pf12.loaded b/regress/sbin/pfctl/pf12.loaded index 998fa60be3a..9c75fa22c71 100644 --- a/regress/sbin/pfctl/pf12.loaded +++ b/regress/sbin/pfctl/pf12.loaded @@ -1,20 +1,20 @@ -@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 +@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 +@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 +@2 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 +@3 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +@4 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf12.ok b/regress/sbin/pfctl/pf12.ok index 058ac858c0a..d4314a16c8f 100644 --- a/regress/sbin/pfctl/pf12.ok +++ b/regress/sbin/pfctl/pf12.ok @@ -1,5 +1,5 @@ -pass in inet from 127.0.0.1 to 127.0.0.0/8 -pass in inet from 127.0.0.0/16 to 127.0.0.0/24 -pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 -pass in inet from ! 127.0.0.1 to 127.0.0.0/16 -pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +pass in inet from 127.0.0.1 to 127.0.0.0/8 +pass in inet from 127.0.0.0/16 to 127.0.0.0/24 +pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 +pass in inet from ! 127.0.0.1 to 127.0.0.0/16 +pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 diff --git a/regress/sbin/pfctl/pf13.loaded b/regress/sbin/pfctl/pf13.loaded index ab32ac9e0eb..3dcbb66dbba 100644 --- a/regress/sbin/pfctl/pf13.loaded +++ b/regress/sbin/pfctl/pf13.loaded @@ -1,64 +1,64 @@ -@0 pass in quick on enc0 fastroute all +@0 pass in quick on enc0 fastroute all [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on enc0 fastroute inet all +@1 pass in quick on enc0 fastroute inet all [ Skip steps: i=3 d=3 p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in quick on enc0 fastroute inet6 all +@2 pass in quick on enc0 fastroute inet6 all [ Skip steps: p=6 sa=8 sp=end da=4 dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out quick on tun0 route-to tun1 inet all +@3 pass out quick on tun0 route-to tun1 inet all [ Skip steps: i=end d=6 f=5 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 +@4 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 [ Skip steps: i=end d=6 p=6 sa=8 sp=end dp=6 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 +@5 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 [ Skip steps: i=end sa=8 sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp +@6 block drop in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp [ Skip steps: i=end d=end p=8 sa=8 sp=end da=8 dp=8 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp +@7 block drop in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 +@8 pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 [ Skip steps: i=end d=end p=10 sp=end dp=10 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 +@9 pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in on tun0 reply-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp +@10 block drop in on tun0 reply-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp [ Skip steps: i=end d=end p=12 sa=12 sp=end da=12 dp=12 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in on tun0 reply-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp +@11 block drop in on tun0 reply-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp [ Skip steps: i=end d=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in quick on tun0 reply-to tun1 inet from 192.168.1.1 to 10.1.1.1 +@12 pass in quick on tun0 reply-to tun1 inet from 192.168.1.1 to 10.1.1.1 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in quick on tun0 reply-to tun1 inet6 from fec0::/64 to fec1::2 +@13 pass in quick on tun0 reply-to tun1 inet6 from fec0::/64 to fec1::2 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 +@14 pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 +@15 pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 69780ee9157..f8b4cec594e 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -1,16 +1,16 @@ -pass in quick on enc0 fastroute all -pass in quick on enc0 fastroute inet all -pass in quick on enc0 fastroute inet6 all -pass out quick on tun0 route-to tun1 inet all -pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 -pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 -block drop in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp -block drop in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 -block drop in on tun0 reply-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp -block drop in on tun0 reply-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp -pass in quick on tun0 reply-to tun1 inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun0 reply-to tun1 inet6 from fec0::/64 to fec1::2 -pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 -pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 +pass in quick on enc0 fastroute all +pass in quick on enc0 fastroute inet all +pass in quick on enc0 fastroute inet6 all +pass out quick on tun0 route-to tun1 inet all +pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 +pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 +block drop in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp +block drop in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp +pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 +pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 +block drop in on tun0 reply-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp +block drop in on tun0 reply-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp +pass in quick on tun0 reply-to tun1 inet from 192.168.1.1 to 10.1.1.1 +pass in quick on tun0 reply-to tun1 inet6 from fec0::/64 to fec1::2 +pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 +pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 diff --git a/regress/sbin/pfctl/pf14.loaded b/regress/sbin/pfctl/pf14.loaded index 8680e497e14..ecc993880bc 100644 --- a/regress/sbin/pfctl/pf14.loaded +++ b/regress/sbin/pfctl/pf14.loaded @@ -1,24 +1,24 @@ -@0 pass in quick on lo0 inet6 from fe80::1 to fe80::1 +@0 pass in quick on lo0 inet6 from fe80::1 to fe80::1 [ Skip steps: i=end d=end f=end p=end sa=3 sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in quick on lo0 inet6 from fe80::1 to fe80::1 +@1 pass in quick on lo0 inet6 from fe80::1 to fe80::1 [ Skip steps: i=end d=end f=end p=end sa=3 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in quick on lo0 inet6 from fe80::1 to any +@2 pass in quick on lo0 inet6 from fe80::1 to any [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in quick on lo0 inet6 from any to fe80::1 +@3 pass in quick on lo0 inet6 from any to fe80::1 [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in quick on lo0 inet6 from fe80::1 to any +@4 pass in quick on lo0 inet6 from fe80::1 to any [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in quick on lo0 inet6 from any to fe80::1 +@5 pass in quick on lo0 inet6 from any to fe80::1 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf14.ok b/regress/sbin/pfctl/pf14.ok index bbdf905c514..77554a15adb 100644 --- a/regress/sbin/pfctl/pf14.ok +++ b/regress/sbin/pfctl/pf14.ok @@ -1,6 +1,6 @@ -pass in quick on lo0 inet6 from fe80::1 to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to any -pass in quick on lo0 inet6 from any to fe80::1 -pass in quick on lo0 inet6 from fe80::1 to any -pass in quick on lo0 inet6 from any to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to any +pass in quick on lo0 inet6 from any to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to any +pass in quick on lo0 inet6 from any to fe80::1 diff --git a/regress/sbin/pfctl/pf15.loaded b/regress/sbin/pfctl/pf15.loaded index d57e7b137e4..cb23a2d891c 100644 --- a/regress/sbin/pfctl/pf15.loaded +++ b/regress/sbin/pfctl/pf15.loaded @@ -1,88 +1,88 @@ -@0 scrub in on lo0 all no-df fragment reassemble +@0 scrub in on lo0 all no-df fragment reassemble [ Skip steps: i=3 d=2 f=3 p=end sa=7 sp=end da=3 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in log on lo0 all min-ttl 25 fragment reassemble +@1 scrub in log on lo0 all min-ttl 25 fragment reassemble [ Skip steps: i=3 f=3 p=end sa=7 sp=end da=3 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub on lo0 all max-mss 224 fragment reassemble +@2 scrub on lo0 all max-mss 224 fragment reassemble [ Skip steps: p=end sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out log on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +@3 scrub out log on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble [ Skip steps: p=end sa=7 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in on lo0 all max-mss 224 fragment reassemble +@4 scrub in on lo0 all max-mss 224 fragment reassemble [ Skip steps: i=6 d=end f=7 p=end sa=7 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in log on lo0 all fragment reassemble +@5 scrub in log on lo0 all fragment reassemble [ Skip steps: d=end f=7 p=end sa=7 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in log on lo1 all fragment reassemble +@6 scrub in log on lo1 all fragment reassemble [ Skip steps: d=end p=end sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub in on lo0 inet from (lo0) to any fragment reassemble +@7 scrub in on lo0 inet from (lo0) to any fragment reassemble [ Skip steps: i=10 d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub in log on lo0 inet6 from (lo1) to 2000::1 fragment reassemble +@8 scrub in log on lo0 inet6 from (lo1) to 2000::1 fragment reassemble [ Skip steps: i=10 d=end f=10 p=end sp=end da=10 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in log on lo0 inet6 from (lo0) to 2000::1 fragment reassemble +@9 scrub in log on lo0 inet6 from (lo0) to 2000::1 fragment reassemble [ Skip steps: d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble +@10 scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble [ Skip steps: i=16 d=end f=15 p=end sa=12 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble +@11 scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble [ Skip steps: i=16 d=end f=15 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble +@12 scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble [ Skip steps: i=16 d=end f=15 p=end sa=14 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble +@13 scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble [ Skip steps: i=16 d=end f=15 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in inet from 127.0.0.1 to any fragment reassemble +@14 scrub in inet from 127.0.0.1 to any fragment reassemble [ Skip steps: i=16 d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in inet6 from ::1 to any fragment reassemble +@15 scrub in inet6 from ::1 to any fragment reassemble [ Skip steps: d=end f=17 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble +@16 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble [ Skip steps: d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in inet from 10.1.1.1 to any fragment reassemble +@17 scrub in inet from 10.1.1.1 to any fragment reassemble [ Skip steps: i=21 d=end f=20 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in inet from 10.0.0.1 to any fragment reassemble +@18 scrub in inet from 10.0.0.1 to any fragment reassemble [ Skip steps: i=21 d=end f=20 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in inet from 127.0.0.1 to any fragment reassemble +@19 scrub in inet from 127.0.0.1 to any fragment reassemble [ Skip steps: i=21 d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in inet6 from ::1 to any fragment reassemble +@20 scrub in inet6 from ::1 to any fragment reassemble [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble +@21 scrub in on lo0 inet6 from fe80::1 to any fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf15.ok b/regress/sbin/pfctl/pf15.ok index 6cb7b7f5aa8..06ea402abd3 100644 --- a/regress/sbin/pfctl/pf15.ok +++ b/regress/sbin/pfctl/pf15.ok @@ -1,22 +1,22 @@ -scrub in on lo0 all no-df fragment reassemble -scrub in log on lo0 all min-ttl 25 fragment reassemble -scrub on lo0 all max-mss 224 fragment reassemble -scrub out log on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble -scrub in on lo0 all max-mss 224 fragment reassemble -scrub in log on lo0 all fragment reassemble -scrub in log on lo1 all fragment reassemble -scrub in on lo0 inet from (lo0) to any fragment reassemble -scrub in log on lo0 inet6 from (lo1) to 2000::1 fragment reassemble -scrub in log on lo0 inet6 from (lo0) to 2000::1 fragment reassemble -scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble -scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble -scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble -scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble -scrub in inet from 127.0.0.1 to any fragment reassemble -scrub in inet6 from ::1 to any fragment reassemble -scrub in on lo0 inet6 from fe80::1 to any fragment reassemble -scrub in inet from 10.1.1.1 to any fragment reassemble -scrub in inet from 10.0.0.1 to any fragment reassemble -scrub in inet from 127.0.0.1 to any fragment reassemble -scrub in inet6 from ::1 to any fragment reassemble -scrub in on lo0 inet6 from fe80::1 to any fragment reassemble +scrub in on lo0 all no-df fragment reassemble +scrub in log on lo0 all min-ttl 25 fragment reassemble +scrub on lo0 all max-mss 224 fragment reassemble +scrub out log on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +scrub in on lo0 all max-mss 224 fragment reassemble +scrub in log on lo0 all fragment reassemble +scrub in log on lo1 all fragment reassemble +scrub in on lo0 inet from (lo0) to any fragment reassemble +scrub in log on lo0 inet6 from (lo1) to 2000::1 fragment reassemble +scrub in log on lo0 inet6 from (lo0) to 2000::1 fragment reassemble +scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble +scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble +scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble +scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble +scrub in inet from 127.0.0.1 to any fragment reassemble +scrub in inet6 from ::1 to any fragment reassemble +scrub in on lo0 inet6 from fe80::1 to any fragment reassemble +scrub in inet from 10.1.1.1 to any fragment reassemble +scrub in inet from 10.0.0.1 to any fragment reassemble +scrub in inet from 127.0.0.1 to any fragment reassemble +scrub in inet6 from ::1 to any fragment reassemble +scrub in on lo0 inet6 from fe80::1 to any fragment reassemble diff --git a/regress/sbin/pfctl/pf16.loaded b/regress/sbin/pfctl/pf16.loaded index 0997d794c25..1ced4f27f20 100644 --- a/regress/sbin/pfctl/pf16.loaded +++ b/regress/sbin/pfctl/pf16.loaded @@ -10,11 +10,11 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in on lo0 all fragment reassemble +@0 scrub in on lo0 all fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in on lo1 all +@0 pass in on lo1 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf16.ok b/regress/sbin/pfctl/pf16.ok index 4216342fae1..975777095b6 100644 --- a/regress/sbin/pfctl/pf16.ok +++ b/regress/sbin/pfctl/pf16.ok @@ -1,5 +1,5 @@ -scrub in on lo0 all fragment reassemble +scrub in on lo0 all fragment reassemble nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 inet proto tcp from any to 1.2.3.4 port = 2222 -> 10.0.0.10 port 22 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 -pass in on lo1 all +pass in on lo1 all diff --git a/regress/sbin/pfctl/pf17.loaded b/regress/sbin/pfctl/pf17.loaded index 5e4049fbbbb..6d7903db984 100644 --- a/regress/sbin/pfctl/pf17.loaded +++ b/regress/sbin/pfctl/pf17.loaded @@ -1,4 +1,4 @@ -@0 no binat on lo0 inet from 192.168.1.1 to 10.1.2.3 +@0 no binat on lo0 inet from 192.168.1.1 to 10.1.2.3 [ Skip steps: i=end d=end f=21 p=2 sa=2 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -51,11 +51,11 @@ [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @13 binat on lo0 inet from (lo0) to 1.1.1.1 -> 2.2.2.2 - [ Skip steps: i=end d=end f=21 p=end sa=16 sp=end da=15 dp=end ] + [ Skip steps: i=end d=end f=21 p=end sp=end da=15 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @14 binat on lo0 inet from (lo0) to 1.1.1.1 -> (lo1) - [ Skip steps: i=end d=end f=21 p=end sa=16 sp=end dp=end ] + [ Skip steps: i=end d=end f=21 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @15 binat on lo0 inet from (lo0) to (lo1) -> (lo1) @@ -87,11 +87,11 @@ [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @22 binat on lo0 inet6 from (lo0) to ::1 -> ::2 - [ Skip steps: i=end d=end f=end p=end sa=25 sp=end da=24 dp=end ] + [ Skip steps: i=end d=end f=end p=end sp=end da=24 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @23 binat on lo0 inet6 from (lo0) to ::1 -> (lo1) - [ Skip steps: i=end d=end f=end p=end sa=25 sp=end dp=end ] + [ Skip steps: i=end d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @24 binat on lo0 inet6 from (lo0) to (lo1) -> (lo1) diff --git a/regress/sbin/pfctl/pf17.ok b/regress/sbin/pfctl/pf17.ok index 0eebf193489..9f3e8adce14 100644 --- a/regress/sbin/pfctl/pf17.ok +++ b/regress/sbin/pfctl/pf17.ok @@ -1,4 +1,4 @@ -no binat on lo0 inet from 192.168.1.1 to 10.1.2.3 +no binat on lo0 inet from 192.168.1.1 to 10.1.2.3 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 binat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 binat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 diff --git a/regress/sbin/pfctl/pf18.loaded b/regress/sbin/pfctl/pf18.loaded index 448e166f6f2..7744171a2e5 100644 --- a/regress/sbin/pfctl/pf18.loaded +++ b/regress/sbin/pfctl/pf18.loaded @@ -1,4 +1,4 @@ -@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 +@0 no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 [ Skip steps: i=16 d=end f=end p=2 sa=2 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf18.ok b/regress/sbin/pfctl/pf18.ok index 34196031541..0d9e9c884c2 100644 --- a/regress/sbin/pfctl/pf18.ok +++ b/regress/sbin/pfctl/pf18.ok @@ -1,6 +1,6 @@ TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }" TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }" -no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 +no nat on lo0 inet from 192.168.1.1 to 10.1.2.3 nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 nat on lo0 inet proto tcp from 192.168.1.2 to any -> 10.0.0.2 nat on lo0 inet proto udp from 192.168.1.3 to any -> 10.0.0.3 diff --git a/regress/sbin/pfctl/pf2.loaded b/regress/sbin/pfctl/pf2.loaded index dc97c1f3afd..fab67ef117e 100644 --- a/regress/sbin/pfctl/pf2.loaded +++ b/regress/sbin/pfctl/pf2.loaded @@ -1,88 +1,88 @@ -@0 block drop out log on tun0 all +@0 block drop out log on tun0 all [ Skip steps: i=12 f=6 p=2 sa=6 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in log on tun0 all +@1 block drop in log on tun0 all [ Skip steps: i=12 f=6 sa=6 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block return-rst out log on tun0 proto tcp all +@2 block return-rst out log on tun0 proto tcp all [ Skip steps: i=12 f=6 p=4 sa=6 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block return-rst in log on tun0 proto tcp all +@3 block return-rst in log on tun0 proto tcp all [ Skip steps: i=12 f=6 sa=6 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all [ Skip steps: i=12 f=6 p=6 sa=6 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all [ Skip steps: i=12 sp=end da=7 dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop out log quick on tun0 inet from ! 157.161.48.183 to any +@6 block drop out log quick on tun0 inet from ! 157.161.48.183 to any [ Skip steps: i=12 f=12 p=13 sp=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in quick on tun0 inet from any to 255.255.255.255 +@7 block drop in quick on tun0 inet from any to 255.255.255.255 [ Skip steps: i=12 d=13 f=12 p=13 sp=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in log quick on tun0 inet from 10.0.0.0/8 to any +@8 block drop in log quick on tun0 inet from 10.0.0.0/8 to any [ Skip steps: i=12 d=13 f=12 p=13 sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop in log quick on tun0 inet from 172.16.0.0/12 to any +@9 block drop in log quick on tun0 inet from 172.16.0.0/12 to any [ Skip steps: i=12 d=13 f=12 p=13 sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in log quick on tun0 inet from 192.168.0.0/16 to any +@10 block drop in log quick on tun0 inet from 192.168.0.0/16 to any [ Skip steps: i=12 d=13 f=12 p=13 sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in log quick on tun0 inet from 255.255.255.255 to any +@11 block drop in log quick on tun0 inet from 255.255.255.255 to any [ Skip steps: d=13 p=13 sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block drop in log quick from no-route to any +@12 block drop in log quick from no-route to any [ Skip steps: sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@13 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state [ Skip steps: i=end f=15 p=15 sa=end sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@14 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state [ Skip steps: i=end sa=end sp=end da=end dp=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass out on tun0 proto udp all keep state +@15 pass out on tun0 proto udp all keep state [ Skip steps: i=end f=end p=17 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on tun0 proto udp from any to any port = domain keep state +@16 pass in on tun0 proto udp from any to any port = domain keep state [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass out on tun0 proto tcp all keep state +@17 pass out on tun0 proto tcp all keep state [ Skip steps: i=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on tun0 proto tcp from any to any port = ssh keep state +@18 pass in on tun0 proto tcp from any to any port = ssh keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on tun0 proto tcp from any to any port = smtp keep state +@19 pass in on tun0 proto tcp from any to any port = smtp keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on tun0 proto tcp from any to any port = domain keep state +@20 pass in on tun0 proto tcp from any to any port = domain keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass in on tun0 proto tcp from any to any port = auth keep state +@21 pass in on tun0 proto tcp from any to any port = auth keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index e65d48d05fe..7c9e4e0e1d8 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -1,22 +1,22 @@ -block drop out log on tun0 all -block drop in log on tun0 all -block return-rst out log on tun0 proto tcp all -block return-rst in log on tun0 proto tcp all -block return-icmp(port-unr, port-unr) out log on tun0 proto udp all -block return-icmp(port-unr, port-unr) in log on tun0 proto udp all -block drop out log quick on tun0 inet from ! 157.161.48.183 to any -block drop in quick on tun0 inet from any to 255.255.255.255 -block drop in log quick on tun0 inet from 10.0.0.0/8 to any -block drop in log quick on tun0 inet from 172.16.0.0/12 to any -block drop in log quick on tun0 inet from 192.168.0.0/16 to any -block drop in log quick on tun0 inet from 255.255.255.255 to any -block drop in log quick from no-route to any -pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -pass out on tun0 proto udp all keep state -pass in on tun0 proto udp from any to any port = domain keep state -pass out on tun0 proto tcp all keep state -pass in on tun0 proto tcp from any to any port = ssh keep state -pass in on tun0 proto tcp from any to any port = smtp keep state -pass in on tun0 proto tcp from any to any port = domain keep state -pass in on tun0 proto tcp from any to any port = auth keep state +block drop out log on tun0 all +block drop in log on tun0 all +block return-rst out log on tun0 proto tcp all +block return-rst in log on tun0 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +block drop out log quick on tun0 inet from ! 157.161.48.183 to any +block drop in quick on tun0 inet from any to 255.255.255.255 +block drop in log quick on tun0 inet from 10.0.0.0/8 to any +block drop in log quick on tun0 inet from 172.16.0.0/12 to any +block drop in log quick on tun0 inet from 192.168.0.0/16 to any +block drop in log quick on tun0 inet from 255.255.255.255 to any +block drop in log quick from no-route to any +pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun0 proto udp all keep state +pass in on tun0 proto udp from any to any port = domain keep state +pass out on tun0 proto tcp all keep state +pass in on tun0 proto tcp from any to any port = ssh keep state +pass in on tun0 proto tcp from any to any port = smtp keep state +pass in on tun0 proto tcp from any to any port = domain keep state +pass in on tun0 proto tcp from any to any port = auth keep state diff --git a/regress/sbin/pfctl/pf21.loaded b/regress/sbin/pfctl/pf21.loaded index 444150738c9..15241d19e78 100644 --- a/regress/sbin/pfctl/pf21.loaded +++ b/regress/sbin/pfctl/pf21.loaded @@ -1,16 +1,16 @@ -@0 scrub in all fragment reassemble +@0 scrub in all fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in all fragment reassemble +@1 scrub in all fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment drop-ovl +@2 scrub in all fragment drop-ovl [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in all fragment crop +@3 scrub in all fragment crop [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf21.ok b/regress/sbin/pfctl/pf21.ok index b03b63a4f7a..76570e4ab97 100644 --- a/regress/sbin/pfctl/pf21.ok +++ b/regress/sbin/pfctl/pf21.ok @@ -1,4 +1,4 @@ -scrub in all fragment reassemble -scrub in all fragment reassemble -scrub in all fragment drop-ovl -scrub in all fragment crop +scrub in all fragment reassemble +scrub in all fragment reassemble +scrub in all fragment drop-ovl +scrub in all fragment crop diff --git a/regress/sbin/pfctl/pf23.loaded b/regress/sbin/pfctl/pf23.loaded index a4ba8dbd360..d6033524ed6 100644 --- a/regress/sbin/pfctl/pf23.loaded +++ b/regress/sbin/pfctl/pf23.loaded @@ -1,4 +1,4 @@ -@0 block drop in on ! lo0 all +@0 block drop in on ! lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf23.ok b/regress/sbin/pfctl/pf23.ok index b0a7d83eb71..83a75fe716a 100644 --- a/regress/sbin/pfctl/pf23.ok +++ b/regress/sbin/pfctl/pf23.ok @@ -1 +1 @@ -block drop in on ! lo0 all +block drop in on ! lo0 all diff --git a/regress/sbin/pfctl/pf24.loaded b/regress/sbin/pfctl/pf24.loaded index 395bf6e3d85..229e6c3dd98 100644 --- a/regress/sbin/pfctl/pf24.loaded +++ b/regress/sbin/pfctl/pf24.loaded @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = ssh +@0 pass in proto tcp from any to any port = ssh [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = ftp +@1 pass in proto tcp from any to any port = ftp [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf24.ok b/regress/sbin/pfctl/pf24.ok index 5cf0e5b92dc..bf465ee9204 100644 --- a/regress/sbin/pfctl/pf24.ok +++ b/regress/sbin/pfctl/pf24.ok @@ -3,5 +3,5 @@ b = "ftp" c = "ssh ftp" d = "ssh ftp ssh ftp" e = "ssh ftp ftp test ssh ftp" -pass in proto tcp from any to any port = ssh -pass in proto tcp from any to any port = ftp +pass in proto tcp from any to any port = ssh +pass in proto tcp from any to any port = ftp diff --git a/regress/sbin/pfctl/pf25.loaded b/regress/sbin/pfctl/pf25.loaded index 6e6999673cc..052992fe228 100644 --- a/regress/sbin/pfctl/pf25.loaded +++ b/regress/sbin/pfctl/pf25.loaded @@ -1,12 +1,12 @@ -@0 block drop in on ! lo0 inet from 127.0.0.0/8 to any +@0 block drop in on ! lo0 inet from 127.0.0.0/8 to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in on ! lo0 inet6 from ::1 to any +@1 block drop in on ! lo0 inet6 from ::1 to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any +@2 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf25.ok b/regress/sbin/pfctl/pf25.ok index a6efe4aed77..49f55b7ef82 100644 --- a/regress/sbin/pfctl/pf25.ok +++ b/regress/sbin/pfctl/pf25.ok @@ -1,3 +1,3 @@ -block drop in on ! lo0 inet from 127.0.0.0/8 to any -block drop in on ! lo0 inet6 from ::1 to any -block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any +block drop in on ! lo0 inet from 127.0.0.0/8 to any +block drop in on ! lo0 inet6 from ::1 to any +block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pf26.loaded b/regress/sbin/pfctl/pf26.loaded index c9f897d2030..a0ea0b9da23 100644 --- a/regress/sbin/pfctl/pf26.loaded +++ b/regress/sbin/pfctl/pf26.loaded @@ -1,8 +1,8 @@ -@0 block drop in on lo0 inet from ! (lo0) to any +@0 block drop in on lo0 inet from ! (lo0) to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop out on lo0 inet from any to ! (lo0) +@1 block drop out on lo0 inet from any to ! (lo0) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf26.ok b/regress/sbin/pfctl/pf26.ok index 1c2df4229ef..a9a281244a6 100644 --- a/regress/sbin/pfctl/pf26.ok +++ b/regress/sbin/pfctl/pf26.ok @@ -1,2 +1,2 @@ -block drop in on lo0 inet from ! (lo0) to any -block drop out on lo0 inet from any to ! (lo0) +block drop in on lo0 inet from ! (lo0) to any +block drop out on lo0 inet from any to ! (lo0) diff --git a/regress/sbin/pfctl/pf28.loaded b/regress/sbin/pfctl/pf28.loaded index 863cd9233f0..ec72ec92ace 100644 --- a/regress/sbin/pfctl/pf28.loaded +++ b/regress/sbin/pfctl/pf28.loaded @@ -1,24 +1,24 @@ -@0 block drop in log-all quick on lo0 all +@0 block drop in log-all quick on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in log quick on lo0 all +@1 block drop in log quick on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in log-all quick on lo0 all +@2 block drop in log-all quick on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in log quick on lo0 all +@3 block drop in log quick on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in log on lo0 all +@4 block drop in log on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block drop in log-all on lo0 all +@5 block drop in log-all on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf28.ok b/regress/sbin/pfctl/pf28.ok index 38b349ef845..ff8be4d41e8 100644 --- a/regress/sbin/pfctl/pf28.ok +++ b/regress/sbin/pfctl/pf28.ok @@ -1,6 +1,6 @@ -block drop in log-all quick on lo0 all -block drop in log quick on lo0 all -block drop in log-all quick on lo0 all -block drop in log quick on lo0 all -block drop in log on lo0 all -block drop in log-all on lo0 all +block drop in log-all quick on lo0 all +block drop in log quick on lo0 all +block drop in log-all quick on lo0 all +block drop in log quick on lo0 all +block drop in log on lo0 all +block drop in log-all on lo0 all diff --git a/regress/sbin/pfctl/pf3.loaded b/regress/sbin/pfctl/pf3.loaded index 7eb7ade83d4..1c061effd91 100644 --- a/regress/sbin/pfctl/pf3.loaded +++ b/regress/sbin/pfctl/pf3.loaded @@ -1,36 +1,36 @@ -@0 pass in all +@0 pass in all [ Skip steps: i=end d=end f=end p=2 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all +@1 pass in all [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in proto tcp all flags FPUEW/FSRPAUEW +@2 block drop in proto tcp all flags FPUEW/FSRPAUEW [ Skip steps: i=end d=end f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in proto tcp all flags FS/FSRA +@3 block drop in proto tcp all flags FS/FSRA [ Skip steps: i=end d=end f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in proto tcp all flags /FSRAW +@4 block drop in proto tcp all flags /FSRAW [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in proto udp all +@5 pass in proto udp all [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in proto icmp all +@6 pass in proto icmp all [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in proto tcp all flags S/SA +@7 pass in proto tcp all flags S/SA [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in all flags S/SA +@8 pass in all flags S/SA [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf3.ok b/regress/sbin/pfctl/pf3.ok index a8ae29581c6..7f427387999 100644 --- a/regress/sbin/pfctl/pf3.ok +++ b/regress/sbin/pfctl/pf3.ok @@ -1,9 +1,9 @@ -pass in all -pass in all -block drop in proto tcp all flags FPUEW/FSRPAUEW -block drop in proto tcp all flags FS/FSRA -block drop in proto tcp all flags /FSRAW -pass in proto udp all -pass in proto icmp all -pass in proto tcp all flags S/SA -pass in all flags S/SA +pass in all +pass in all +block drop in proto tcp all flags FPUEW/FSRPAUEW +block drop in proto tcp all flags FS/FSRA +block drop in proto tcp all flags /FSRAW +pass in proto udp all +pass in proto icmp all +pass in proto tcp all flags S/SA +pass in all flags S/SA diff --git a/regress/sbin/pfctl/pf30.loaded b/regress/sbin/pfctl/pf30.loaded index 96baf09ee12..e03a3b26b57 100644 --- a/regress/sbin/pfctl/pf30.loaded +++ b/regress/sbin/pfctl/pf30.loaded @@ -1,4 +1,4 @@ -@0 block drop in on lo0 all +@0 block drop in on lo0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf30.ok b/regress/sbin/pfctl/pf30.ok index 66742b12af2..11fb969bbb9 100644 --- a/regress/sbin/pfctl/pf30.ok +++ b/regress/sbin/pfctl/pf30.ok @@ -1 +1 @@ -block drop in on lo0 all +block drop in on lo0 all diff --git a/regress/sbin/pfctl/pf31.loaded b/regress/sbin/pfctl/pf31.loaded index 96b37733be3..29a3b0a09a1 100644 --- a/regress/sbin/pfctl/pf31.loaded +++ b/regress/sbin/pfctl/pf31.loaded @@ -1,72 +1,72 @@ -@0 block return in on lo0 all +@0 block return in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block return in on lo0 inet all +@1 block return in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block return in on lo0 inet6 all +@2 block return in on lo0 inet6 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in on lo0 all +@3 block drop in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in on lo0 inet all +@4 block drop in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block drop in on lo0 inet6 all +@5 block drop in on lo0 inet6 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in on lo0 all +@6 block drop in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in on lo0 inet all +@7 block drop in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in on lo0 inet6 all +@8 block drop in on lo0 inet6 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block return in on lo0 all +@9 block return in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block return in on lo0 inet all +@10 block return in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block return in on lo0 inet6 all +@11 block return in on lo0 inet6 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block drop in on lo0 all +@12 block drop in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 block drop in on lo0 inet all +@13 block drop in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 block drop in on lo0 inet6 all +@14 block drop in on lo0 inet6 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 block return in on lo0 all +@15 block return in on lo0 all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 block return in on lo0 inet all +@16 block return in on lo0 inet all [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 block return in on lo0 inet6 all +@17 block return in on lo0 inet6 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf31.ok b/regress/sbin/pfctl/pf31.ok index 397742d5631..1e404a681d5 100644 --- a/regress/sbin/pfctl/pf31.ok +++ b/regress/sbin/pfctl/pf31.ok @@ -1,21 +1,21 @@ set block-policy drop -block return in on lo0 all -block return in on lo0 inet all -block return in on lo0 inet6 all -block drop in on lo0 all -block drop in on lo0 inet all -block drop in on lo0 inet6 all -block drop in on lo0 all -block drop in on lo0 inet all -block drop in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all set require-order no set block-policy return -block return in on lo0 all -block return in on lo0 inet all -block return in on lo0 inet6 all -block drop in on lo0 all -block drop in on lo0 inet all -block drop in on lo0 inet6 all -block return in on lo0 all -block return in on lo0 inet all -block return in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all diff --git a/regress/sbin/pfctl/pf32.loaded b/regress/sbin/pfctl/pf32.loaded index c5689baa951..ba22d941533 100644 --- a/regress/sbin/pfctl/pf32.loaded +++ b/regress/sbin/pfctl/pf32.loaded @@ -1,28 +1,28 @@ -@0 pass in inet from 10.0.0.0/8 to any +@0 pass in inet from 10.0.0.0/8 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet from 10.1.0.0/16 to any +@1 pass in inet from 10.1.0.0/16 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in inet from 10.0.0.0/8 to any +@2 pass in inet from 10.0.0.0/8 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in inet from 192.168.37.0/25 to any +@3 pass in inet from 192.168.37.0/25 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in inet from 192.168.37.0/24 to any +@4 pass in inet from 192.168.37.0/24 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in inet from 192.168.0.0/16 to any +@5 pass in inet from 192.168.0.0/16 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in inet from 192.0.0.0/8 to any +@6 pass in inet from 192.0.0.0/8 to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf32.ok b/regress/sbin/pfctl/pf32.ok index 7723130fa3d..d3c512f7c48 100644 --- a/regress/sbin/pfctl/pf32.ok +++ b/regress/sbin/pfctl/pf32.ok @@ -1,7 +1,7 @@ -pass in inet from 10.0.0.0/8 to any -pass in inet from 10.1.0.0/16 to any -pass in inet from 10.0.0.0/8 to any -pass in inet from 192.168.37.0/25 to any -pass in inet from 192.168.37.0/24 to any -pass in inet from 192.168.0.0/16 to any -pass in inet from 192.0.0.0/8 to any +pass in inet from 10.0.0.0/8 to any +pass in inet from 10.1.0.0/16 to any +pass in inet from 10.0.0.0/8 to any +pass in inet from 192.168.37.0/25 to any +pass in inet from 192.168.37.0/24 to any +pass in inet from 192.168.0.0/16 to any +pass in inet from 192.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pf33.ok b/regress/sbin/pfctl/pf33.ok index 2b3b483ca13..c82f8c3d02e 100644 --- a/regress/sbin/pfctl/pf33.ok +++ b/regress/sbin/pfctl/pf33.ok @@ -7,9 +7,9 @@ queue http_cust1 bandwidth 500Kb queue mail bandwidth 10% queue ssh bandwidth 200Kb priority 7 cbq( borrow ) queue rsets bandwidth 150Kb priority 0 cbq( red ) -block return in on lo0 inet all queue rsets -pass in on lo0 inet proto tcp from any to any port = www keep state queue http -pass out on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -pass in on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail -pass out on lo0 inet all keep state +block return in on lo0 inet all queue rsets +pass in on lo0 inet proto tcp from any to any port = www keep state queue http +pass out on lo0 inet proto tcp from any to any port = ssh keep state queue ssh +pass in on lo0 inet proto tcp from any to any port = ssh keep state queue ssh +pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail +pass out on lo0 inet all keep state diff --git a/regress/sbin/pfctl/pf34.loaded b/regress/sbin/pfctl/pf34.loaded index f53b61002f8..348775c3062 100644 --- a/regress/sbin/pfctl/pf34.loaded +++ b/regress/sbin/pfctl/pf34.loaded @@ -1,8 +1,8 @@ -@0 pass in inet from any to 127.0.0.1 +@0 pass in inet from any to 127.0.0.1 [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in inet6 from any to 2000::1 +@1 pass in inet6 from any to 2000::1 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf34.ok b/regress/sbin/pfctl/pf34.ok index 2759c5d048b..30c18203fd2 100644 --- a/regress/sbin/pfctl/pf34.ok +++ b/regress/sbin/pfctl/pf34.ok @@ -1,2 +1,2 @@ -pass in inet from any to 127.0.0.1 -pass in inet6 from any to 2000::1 +pass in inet from any to 127.0.0.1 +pass in inet6 from any to 2000::1 diff --git a/regress/sbin/pfctl/pf35.ok b/regress/sbin/pfctl/pf35.ok index 1aa490f80e5..7a995a6441a 100644 --- a/regress/sbin/pfctl/pf35.ok +++ b/regress/sbin/pfctl/pf35.ok @@ -10,9 +10,9 @@ queue mail bandwidth 10% priority 0 cbq( red ecn borrow ) queue ssh bandwidth 20% cbq( borrow ) { ssh_interactive ssh_bulk } queue ssh_interactive priority 7 queue ssh_bulk priority 0 qlimit 60 -block return out on lo0 inet all queue std -pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www keep state queue developers -pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www keep state queue employees -pass out on lo0 inet proto tcp from any to any port = ssh tos 0x10 keep state queue ssh_interactive -pass out on lo0 inet proto tcp from any to any port = ssh tos 0x08 keep state queue ssh_bulk -pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail +block return out on lo0 inet all queue std +pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www keep state queue developers +pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www keep state queue employees +pass out on lo0 inet proto tcp from any to any port = ssh tos 0x10 keep state queue ssh_interactive +pass out on lo0 inet proto tcp from any to any port = ssh tos 0x08 keep state queue ssh_bulk +pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail diff --git a/regress/sbin/pfctl/pf38.loaded b/regress/sbin/pfctl/pf38.loaded index 84e04bd6969..237cacdff6f 100644 --- a/regress/sbin/pfctl/pf38.loaded +++ b/regress/sbin/pfctl/pf38.loaded @@ -1,16 +1,16 @@ -@0 pass in on tun0 proto tcp all user = 3 +@0 pass in on tun0 proto tcp all user = 3 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on tun0 proto tcp all group = 7 +@1 pass in on tun0 proto tcp all group = 7 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on tun0 proto tcp all user = 3 group = 0 +@2 pass in on tun0 proto tcp all user = 3 group = 0 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on tun0 proto tcp all user = 0 group = 0 +@3 pass in on tun0 proto tcp all user = 0 group = 0 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf38.ok b/regress/sbin/pfctl/pf38.ok index 650347eaf3f..09a548991d9 100644 --- a/regress/sbin/pfctl/pf38.ok +++ b/regress/sbin/pfctl/pf38.ok @@ -1,4 +1,4 @@ -pass in on tun0 proto tcp all user = 3 -pass in on tun0 proto tcp all group = 7 -pass in on tun0 proto tcp all user = 3 group = 0 -pass in on tun0 proto tcp all user = 0 group = 0 +pass in on tun0 proto tcp all user = 3 +pass in on tun0 proto tcp all group = 7 +pass in on tun0 proto tcp all user = 3 group = 0 +pass in on tun0 proto tcp all user = 0 group = 0 diff --git a/regress/sbin/pfctl/pf39.loaded b/regress/sbin/pfctl/pf39.loaded index ff254ff5e61..8b702a8801e 100644 --- a/regress/sbin/pfctl/pf39.loaded +++ b/regress/sbin/pfctl/pf39.loaded @@ -1,36 +1,36 @@ -@0 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah" +@0 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah" [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +@1 pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah [ Skip steps: i=end d=end f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +@2 pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah [ Skip steps: i=end d=end f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +@3 pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah [ Skip steps: i=end d=end f=end p=5 sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +@4 pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in log quick on lo0 inet proto tcp all keep state +@5 pass in log quick on lo0 inet proto tcp all keep state [ Skip steps: i=end d=end f=end p=7 sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah +@6 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname=blah qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 +@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 [ Skip steps: i=end d=end f=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +@8 pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf39.ok b/regress/sbin/pfctl/pf39.ok index 1ea04191dc7..b2917b9820a 100644 --- a/regress/sbin/pfctl/pf39.ok +++ b/regress/sbin/pfctl/pf39.ok @@ -12,12 +12,12 @@ o_fragment = "fragment " o_allowopts = "allow-opts " o_label = "label blah" o_qname = "queue blah" -pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah" -pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah -pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah -pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah -pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah -pass in log quick on lo0 inet proto tcp all keep state -pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah -pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 -pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah" +pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label "blah" queue blah +pass in log quick on lo0 inet proto tcp all keep state +pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label "blah" queue blah +pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 +pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts diff --git a/regress/sbin/pfctl/pf4.loaded b/regress/sbin/pfctl/pf4.loaded index 77daaeaf8cc..5500cb1a19e 100644 --- a/regress/sbin/pfctl/pf4.loaded +++ b/regress/sbin/pfctl/pf4.loaded @@ -1,184 +1,184 @@ -@0 block drop in all +@0 block drop in all [ Skip steps: i=end d=end f=5 sa=5 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in proto tcp all +@1 block drop in proto tcp all [ Skip steps: i=end d=end f=5 p=3 sa=5 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in proto tcp all +@2 block drop in proto tcp all [ Skip steps: i=end d=end f=5 sa=5 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in proto udp all +@3 block drop in proto udp all [ Skip steps: i=end d=end f=5 sa=5 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in all +@4 block drop in all [ Skip steps: i=end d=end p=9 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block drop in inet from 10.0.0.0/8 to any +@5 block drop in inet from 10.0.0.0/8 to any [ Skip steps: i=end d=end f=9 p=9 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in inet from ! 10.0.0.0/8 to any +@6 block drop in inet from ! 10.0.0.0/8 to any [ Skip steps: i=end d=end f=9 p=9 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in inet from 10.0.0.0/8 to any +@7 block drop in inet from 10.0.0.0/8 to any [ Skip steps: i=end d=end f=9 p=9 sp=9 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in inet from 172.16.0.0/12 to any +@8 block drop in inet from 172.16.0.0/12 to any [ Skip steps: i=end d=end da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop in proto tcp from any port = ssh to any +@9 block drop in proto tcp from any port = ssh to any [ Skip steps: i=end d=end f=14 p=30 sa=14 sp=11 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in proto tcp from any port = ssh to any +@10 block drop in proto tcp from any port = ssh to any [ Skip steps: i=end d=end f=14 p=30 sa=14 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in proto tcp from any port 21 >< 2048 to any +@11 block drop in proto tcp from any port 21 >< 2048 to any [ Skip steps: i=end d=end f=14 p=30 sa=14 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block drop in proto tcp from any port != 1234 to any +@12 block drop in proto tcp from any port != 1234 to any [ Skip steps: i=end d=end f=14 p=30 sa=14 da=14 dp=14 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 block drop in proto tcp from any port >= 80 to any +@13 block drop in proto tcp from any port >= 80 to any [ Skip steps: i=end d=end p=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +@14 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=18 da=16 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +@15 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=18 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +@16 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=18 da=18 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +@17 block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=22 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 +@18 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=22 da=20 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 +@19 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=22 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 +@20 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=22 sp=22 da=22 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 +@21 block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +@22 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=26 da=24 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +@23 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +@24 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=26 da=26 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +@25 block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 +@26 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=30 da=28 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 +@27 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 +@28 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=30 sa=30 sp=30 da=30 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 +@29 block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +@30 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=38 sp=34 da=32 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +@31 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=38 sp=34 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +@32 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=38 sp=34 da=34 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +@33 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=38 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 +@34 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=38 sp=38 da=36 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 +@35 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=38 sp=38 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +@36 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=38 sp=38 da=38 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 +@37 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +@38 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=42 da=40 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +@39 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=end sp=42 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +@40 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=42 da=42 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +@41 block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 +@42 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=44 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 +@43 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=end sp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 +@44 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 +@45 block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf4.ok b/regress/sbin/pfctl/pf4.ok index d51cc9a3d94..9a4cb54e8cc 100644 --- a/regress/sbin/pfctl/pf4.ok +++ b/regress/sbin/pfctl/pf4.ok @@ -1,46 +1,46 @@ -block drop in all -block drop in proto tcp all -block drop in proto tcp all -block drop in proto udp all -block drop in all -block drop in inet from 10.0.0.0/8 to any -block drop in inet from ! 10.0.0.0/8 to any -block drop in inet from 10.0.0.0/8 to any -block drop in inet from 172.16.0.0/12 to any -block drop in proto tcp from any port = ssh to any -block drop in proto tcp from any port = ssh to any -block drop in proto tcp from any port 21 >< 2048 to any -block drop in proto tcp from any port != 1234 to any -block drop in proto tcp from any port >= 80 to any -block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 -block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 -block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 -block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 -block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 -block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 -block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 -block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 -block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 -block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 -block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 -block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 -block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 -block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 -block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 -block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 -block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 -block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 -block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 -block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 -block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 -block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 -block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 +block drop in all +block drop in proto tcp all +block drop in proto tcp all +block drop in proto udp all +block drop in all +block drop in inet from 10.0.0.0/8 to any +block drop in inet from ! 10.0.0.0/8 to any +block drop in inet from 10.0.0.0/8 to any +block drop in inet from 172.16.0.0/12 to any +block drop in proto tcp from any port = ssh to any +block drop in proto tcp from any port = ssh to any +block drop in proto tcp from any port 21 >< 2048 to any +block drop in proto tcp from any port != 1234 to any +block drop in proto tcp from any port >= 80 to any +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 diff --git a/regress/sbin/pfctl/pf40.loaded b/regress/sbin/pfctl/pf40.loaded index 58017ac48ff..85f1ad4dff6 100644 --- a/regress/sbin/pfctl/pf40.loaded +++ b/regress/sbin/pfctl/pf40.loaded @@ -1,104 +1,104 @@ -@0 scrub all fragment reassemble +@0 scrub all fragment reassemble [ Skip steps: i=end d=2 f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub all fragment reassemble +@1 scrub all fragment reassemble [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in all fragment reassemble +@2 scrub in all fragment reassemble [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out all fragment reassemble +@3 scrub out all fragment reassemble [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in all fragment reassemble +@4 scrub in all fragment reassemble [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub all fragment reassemble +@5 scrub all fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 block drop all +@0 block drop all [ Skip steps: i=12 d=4 f=end p=2 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block return all +@1 block return all [ Skip steps: i=12 d=4 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block return-rst proto tcp all +@2 block return-rst proto tcp all [ Skip steps: i=12 d=4 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass all +@3 pass all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in all +@4 pass in all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out all +@5 pass out all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass all +@6 pass all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in all +@7 block drop in all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop out all +@8 block drop out all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop all +@9 block drop all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in all +@10 pass in all [ Skip steps: i=12 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass out all +@11 pass out all [ Skip steps: f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 block drop on lo0 all +@12 block drop on lo0 all [ Skip steps: i=15 d=17 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass on lo0 all +@13 pass on lo0 all [ Skip steps: i=15 d=17 f=end p=15 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 block drop on lo0 all +@14 block drop on lo0 all [ Skip steps: d=17 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass proto tcp all flags S/SA +@15 pass proto tcp all flags S/SA [ Skip steps: i=19 d=17 f=end sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass proto udp all keep state +@16 pass proto udp all keep state [ Skip steps: i=19 f=end p=19 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in proto udp all keep state +@17 pass in proto udp all keep state [ Skip steps: i=19 f=end p=19 sa=end sp=end da=end dp=19 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass out proto udp all keep state +@18 pass out proto udp all keep state [ Skip steps: d=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass out on lo0 proto tcp from any to any port = smtp keep state +@19 pass out on lo0 proto tcp from any to any port = smtp keep state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf40.ok b/regress/sbin/pfctl/pf40.ok index d919b8d5511..efb69064982 100644 --- a/regress/sbin/pfctl/pf40.ok +++ b/regress/sbin/pfctl/pf40.ok @@ -1,26 +1,26 @@ -scrub all fragment reassemble -scrub all fragment reassemble -scrub in all fragment reassemble -scrub out all fragment reassemble -scrub in all fragment reassemble -scrub all fragment reassemble -block drop all -block return all -block return-rst proto tcp all -pass all -pass in all -pass out all -pass all -block drop in all -block drop out all -block drop all -pass in all -pass out all -block drop on lo0 all -pass on lo0 all -block drop on lo0 all -pass proto tcp all flags S/SA -pass proto udp all keep state -pass in proto udp all keep state -pass out proto udp all keep state -pass out on lo0 proto tcp from any to any port = smtp keep state +scrub all fragment reassemble +scrub all fragment reassemble +scrub in all fragment reassemble +scrub out all fragment reassemble +scrub in all fragment reassemble +scrub all fragment reassemble +block drop all +block return all +block return-rst proto tcp all +pass all +pass in all +pass out all +pass all +block drop in all +block drop out all +block drop all +pass in all +pass out all +block drop on lo0 all +pass on lo0 all +block drop on lo0 all +pass proto tcp all flags S/SA +pass proto udp all keep state +pass in proto udp all keep state +pass out proto udp all keep state +pass out on lo0 proto tcp from any to any port = smtp keep state diff --git a/regress/sbin/pfctl/pf41.ok b/regress/sbin/pfctl/pf41.ok index 36c72a7e58f..bdcd527d144 100644 --- a/regress/sbin/pfctl/pf41.ok +++ b/regress/sbin/pfctl/pf41.ok @@ -1,55 +1,55 @@ -nat-anchor foo all -nat-anchor foo all -nat-anchor foo all -nat-anchor foo inet proto tcp from 10.0.0.0/8 to ! 1.2.3.4 -nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.4.5.6 port > 1100 -nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.3.4.5 port < 1000 -nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.3.4.5 port > 1100 -nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.4.5.6 port < 1000 -nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.4.5.6 port > 1100 -rdr-anchor bar all -rdr-anchor bar all -rdr-anchor bar all -rdr-anchor bar inet proto tcp from 10.0.0.0/8 to ! 1.2.3.4 -rdr-anchor bar inet proto udp from any to 10.1.2.0/24 port = 25 -rdr-anchor bar inet proto tcp from any to 10.1.2.0/24 port = smtp -binat-anchor baz all -binat-anchor baz all -binat-anchor baz all -binat-anchor baz inet proto tcp all -anchor foo all -anchor bar all -anchor bar all -anchor foo inet all -anchor foo inet6 all -anchor foo inet all -anchor foo proto tcp all -anchor foo inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh -anchor foobar inet6 proto udp from ::1 port = 1 to ::1 port = 2 +nat-anchor foo all +nat-anchor foo all +nat-anchor foo all +nat-anchor foo inet proto tcp from 10.0.0.0/8 to ! 1.2.3.4 +nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto udp from 10.1.2.3 port = 2000 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto udp from 10.1.2.3 port < 2100 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto udp from 10.2.3.4 port = 2000 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto udp from 10.2.3.4 port < 2100 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto tcp from 10.1.2.3 port = 2000 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto tcp from 10.1.2.3 port < 2100 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto tcp from 10.2.3.4 port = 2000 to 10.4.5.6 port > 1100 +nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.3.4.5 port < 1000 +nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.3.4.5 port > 1100 +nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.4.5.6 port < 1000 +nat-anchor foo inet proto tcp from 10.2.3.4 port < 2100 to 10.4.5.6 port > 1100 +rdr-anchor bar all +rdr-anchor bar all +rdr-anchor bar all +rdr-anchor bar inet proto tcp from 10.0.0.0/8 to ! 1.2.3.4 +rdr-anchor bar inet proto udp from any to 10.1.2.0/24 port = 25 +rdr-anchor bar inet proto tcp from any to 10.1.2.0/24 port = smtp +binat-anchor baz all +binat-anchor baz all +binat-anchor baz all +binat-anchor baz inet proto tcp all +anchor foo all +anchor bar all +anchor bar all +anchor foo inet all +anchor foo inet6 all +anchor foo inet all +anchor foo proto tcp all +anchor foo inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh +anchor foobar inet6 proto udp from ::1 port = 1 to ::1 port = 2 diff --git a/regress/sbin/pfctl/pf43.ok b/regress/sbin/pfctl/pf43.ok index b6bf13914d9..05fbda3cf58 100644 --- a/regress/sbin/pfctl/pf43.ok +++ b/regress/sbin/pfctl/pf43.ok @@ -1,8 +1,8 @@ altq on lo0 cbq bandwidth 100Mb tbrsize 3648 queue { bulk prio } queue bulk cbq( default ) queue prio priority 7 -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk -pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue bulk +pass in on lo0 inet proto tcp from any to 127.0.0.1 port = ssh queue(bulk, prio) diff --git a/regress/sbin/pfctl/pf44.loaded b/regress/sbin/pfctl/pf44.loaded index ba35d7f629b..57641868833 100644 --- a/regress/sbin/pfctl/pf44.loaded +++ b/regress/sbin/pfctl/pf44.loaded @@ -1,24 +1,24 @@ -@0 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@0 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@1 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@2 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl +@3 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop +@4 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +@5 scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf44.ok b/regress/sbin/pfctl/pf44.ok index f35423a6d92..19f1e218a28 100644 --- a/regress/sbin/pfctl/pf44.ok +++ b/regress/sbin/pfctl/pf44.ok @@ -1,6 +1,6 @@ -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment drop-ovl +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 all no-df min-ttl 15 max-mss 224 fragment reassemble diff --git a/regress/sbin/pfctl/pf46.loaded b/regress/sbin/pfctl/pf46.loaded index 0ba2b12a220..225da0038fa 100644 --- a/regress/sbin/pfctl/pf46.loaded +++ b/regress/sbin/pfctl/pf46.loaded @@ -1,32 +1,32 @@ -@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@0 pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +@1 pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all +@2 pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all [ Skip steps: i=end f=4 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all +@3 pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all [ Skip steps: i=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +@4 pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all [ Skip steps: i=end d=6 p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all +@5 pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all +@6 pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all [ Skip steps: i=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all +@7 pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf46.ok b/regress/sbin/pfctl/pf46.ok index 79d6b4c2d4e..24e793bbfa8 100644 --- a/regress/sbin/pfctl/pf46.ok +++ b/regress/sbin/pfctl/pf46.ok @@ -1,8 +1,8 @@ -pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all -pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all -pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all -pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all -pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all -pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all -pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all -pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all +pass in on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +pass out on lo0 route-to { (pflog0 127.0.0.1), (pflog0 127.0.0.2) } round-robin inet all +pass in on lo0 route-to (pflog0 127.0.0.0/24) bitmask inet all +pass out on lo0 dup-to (pflog0 127.0.0.0/24) random inet all +pass in on lo0 reply-to { pflog0, pflog0 } round-robin inet6 all +pass in on lo0 reply-to (pflog0 127.0.0.0/28) source-hash 0x0123456789abcdef0123456789abcdef inet all +pass out on lo0 route-to (pflog0 127.0.0.0/24) source-hash 0x4da8e393fd22f577426cfdf7fe52d3b0 inet all +pass in on lo0 dup-to (pflog0 127.0.0.0/24) round-robin inet all diff --git a/regress/sbin/pfctl/pf47.loaded b/regress/sbin/pfctl/pf47.loaded index c31fcec6abd..353c9bc9438 100644 --- a/regress/sbin/pfctl/pf47.loaded +++ b/regress/sbin/pfctl/pf47.loaded @@ -1,240 +1,240 @@ -@0 pass in on lo0 all +@0 pass in on lo0 all [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in all label "any" +@1 pass in all label "any" [ Skip steps: d=end f=5 p=35 sa=6 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in on lo0 all label "lo0" +@2 pass in on lo0 all label "lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in on lo0 all label "lo0lo0" +@3 pass in on lo0 all label "lo0lo0" [ Skip steps: i=end d=end f=5 p=35 sa=6 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass in on lo0 all label "any" +@4 pass in on lo0 all label "any" [ Skip steps: i=end d=end p=35 sa=6 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass in on lo0 inet all label "any" +@5 pass in on lo0 inet all label "any" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" +@6 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" +@7 pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" [ Skip steps: i=end d=end f=12 p=35 sa=9 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" +@8 pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" +@9 pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" +@10 pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" [ Skip steps: i=end d=end f=12 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" +@11 pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass in on lo0 inet6 from fe80::1 to any label "fe80::1" +@12 pass in on lo0 inet6 from fe80::1 to any label "fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" +@13 pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" [ Skip steps: i=end d=end f=21 p=35 sa=15 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" +@14 pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in on lo0 inet6 from ::/8 to any label "::/8" +@15 pass in on lo0 inet6 from ::/8 to any label "::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" +@16 pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on lo0 inet6 from ::/64 to any label "::/64::/64" +@17 pass in on lo0 inet6 from ::/64 to any label "::/64::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" +@18 pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" +@19 pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" [ Skip steps: i=end d=end f=21 p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" +@20 pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" [ Skip steps: i=end d=end p=35 sp=35 da=22 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass in on lo0 all label "!any!" +@21 pass in on lo0 all label "!any!" [ Skip steps: i=end d=end p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass in on lo0 inet from any to (lo0) label "(lo0)" - [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 da=25 dp=46 ] +@22 pass in on lo0 inet from any to (lo0) label "(lo0)" + [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass in on lo0 inet from any to (lo0) label "(lo0)(lo0)" - [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 da=25 dp=46 ] +@23 pass in on lo0 inet from any to (lo0) label "(lo0)(lo0)" + [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass in on lo0 inet from any to (lo0) label " (lo0) (lo0) " +@24 pass in on lo0 inet from any to (lo0) label " (lo0) (lo0) " [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" +@25 pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" +@26 pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" [ Skip steps: i=end d=end f=28 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +@27 pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " [ Skip steps: i=end d=end p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)" - [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 da=31 dp=46 ] +@28 pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)" + [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)! (lo0)" - [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 da=31 dp=46 ] +@29 pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)! (lo0)" + [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 pass in on lo0 inet6 from any to ! (lo0) label " ! (lo0) ! (lo0) " +@30 pass in on lo0 inet6 from any to ! (lo0) label " ! (lo0) ! (lo0) " [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" +@31 pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" +@32 pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" [ Skip steps: i=end d=end f=34 p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " +@33 pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " [ Skip steps: i=end d=end p=35 sa=59 sp=35 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 pass in on lo0 all label "xx" +@34 pass in on lo0 all label "xx" [ Skip steps: i=end d=end f=59 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 pass in on lo0 proto tcp from any port = 28 to any label "28" +@35 pass in on lo0 proto tcp from any port = 28 to any label "28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" +@36 pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" +@37 pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 pass in on lo0 proto tcp from any port != 28 to any label "!=28" +@38 pass in on lo0 proto tcp from any port != 28 to any label "!=28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 pass in on lo0 proto tcp from any port < 28 to any label "<28" +@39 pass in on lo0 proto tcp from any port < 28 to any label "<28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 pass in on lo0 proto tcp from any port <= 28 to any label "<=28" +@40 pass in on lo0 proto tcp from any port <= 28 to any label "<=28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 pass in on lo0 proto tcp from any port > 28 to any label ">28" +@41 pass in on lo0 proto tcp from any port > 28 to any label ">28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 pass in on lo0 proto tcp from any port >= 28 to any label ">=28" +@42 pass in on lo0 proto tcp from any port >= 28 to any label ">=28" [ Skip steps: i=end d=end f=59 p=45 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 pass in on lo0 proto tcp from any port = 28 to any label "2828" +@43 pass in on lo0 proto tcp from any port = 28 to any label "2828" [ Skip steps: i=end d=end f=59 p=45 sa=59 sp=45 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" +@44 pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" [ Skip steps: i=end d=end f=59 sa=59 da=59 dp=46 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 pass in on lo0 all +@45 pass in on lo0 all [ Skip steps: i=end d=end f=59 sa=59 sp=59 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 pass in on lo0 proto udp from any to any port = 29 label "29" +@46 pass in on lo0 proto udp from any to any port = 29 label "29" [ Skip steps: i=end d=end f=59 p=49 sa=59 sp=59 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" +@47 pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" [ Skip steps: i=end d=end f=59 p=49 sa=59 sp=59 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" +@48 pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" [ Skip steps: i=end d=end f=59 sa=59 sp=59 da=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 pass in on lo0 all label "ip" +@49 pass in on lo0 all label "ip" [ Skip steps: i=end d=end f=59 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 pass in on lo0 proto esp all label "esp" +@50 pass in on lo0 proto esp all label "esp" [ Skip steps: i=end d=end f=59 p=53 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 pass in on lo0 proto esp all label "espesp" +@51 pass in on lo0 proto esp all label "espesp" [ Skip steps: i=end d=end f=59 p=53 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 pass in on lo0 proto esp all label "-esp-esp-" +@52 pass in on lo0 proto esp all label "-esp-esp-" [ Skip steps: i=end d=end f=59 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 pass in on lo0 proto 166 all label "166" +@53 pass in on lo0 proto 166 all label "166" [ Skip steps: i=end d=end f=59 p=56 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 pass in on lo0 proto 166 all label "166166" +@54 pass in on lo0 proto 166 all label "166166" [ Skip steps: i=end d=end f=59 p=56 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 pass in on lo0 proto 166 all label "_166_166_" +@55 pass in on lo0 proto 166 all label "_166_166_" [ Skip steps: i=end d=end f=59 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 pass in on lo0 all label "56" +@56 pass in on lo0 all label "56" [ Skip steps: i=end d=end f=59 p=59 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 pass in on lo0 all label "5757" +@57 pass in on lo0 all label "5757" [ Skip steps: i=end d=end f=59 p=59 sa=59 sp=59 da=59 dp=59 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 pass in on lo0 all label "%58%58%" +@58 pass in on lo0 all label "%58%58%" [ Skip steps: i=end d=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" +@59 pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf47.ok b/regress/sbin/pfctl/pf47.ok index 8ef39e6bd90..1bb211e7a71 100644 --- a/regress/sbin/pfctl/pf47.ok +++ b/regress/sbin/pfctl/pf47.ok @@ -1,60 +1,60 @@ -pass in on lo0 all -pass in all label "any" -pass in on lo0 all label "lo0" -pass in on lo0 all label "lo0lo0" -pass in on lo0 all label "any" -pass in on lo0 inet all label "any" -pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" -pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" -pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" -pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" -pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" -pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" -pass in on lo0 inet6 from fe80::1 to any label "fe80::1" -pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" -pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" -pass in on lo0 inet6 from ::/8 to any label "::/8" -pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" -pass in on lo0 inet6 from ::/64 to any label "::/64::/64" -pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" -pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" -pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" -pass in on lo0 all label "!any!" -pass in on lo0 inet from any to (lo0) label "(lo0)" -pass in on lo0 inet from any to (lo0) label "(lo0)(lo0)" -pass in on lo0 inet from any to (lo0) label " (lo0) (lo0) " -pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" -pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" -pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " -pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)" -pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)! (lo0)" -pass in on lo0 inet6 from any to ! (lo0) label " ! (lo0) ! (lo0) " -pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" -pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" -pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " -pass in on lo0 all label "xx" -pass in on lo0 proto tcp from any port = 28 to any label "28" -pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" -pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" -pass in on lo0 proto tcp from any port != 28 to any label "!=28" -pass in on lo0 proto tcp from any port < 28 to any label "<28" -pass in on lo0 proto tcp from any port <= 28 to any label "<=28" -pass in on lo0 proto tcp from any port > 28 to any label ">28" -pass in on lo0 proto tcp from any port >= 28 to any label ">=28" -pass in on lo0 proto tcp from any port = 28 to any label "2828" -pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" -pass in on lo0 all -pass in on lo0 proto udp from any to any port = 29 label "29" -pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" -pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" -pass in on lo0 all label "ip" -pass in on lo0 proto esp all label "esp" -pass in on lo0 proto esp all label "espesp" -pass in on lo0 proto esp all label "-esp-esp-" -pass in on lo0 proto 166 all label "166" -pass in on lo0 proto 166 all label "166166" -pass in on lo0 proto 166 all label "_166_166_" -pass in on lo0 all label "56" -pass in on lo0 all label "5757" -pass in on lo0 all label "%58%58%" -pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" +pass in on lo0 all +pass in all label "any" +pass in on lo0 all label "lo0" +pass in on lo0 all label "lo0lo0" +pass in on lo0 all label "any" +pass in on lo0 inet all label "any" +pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any label "127.0.0.1127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any label ":127.0.0.1:127.0.0.1:" +pass in on lo0 inet from 127.0.0.0/8 to any label "127.0.0.0/8" +pass in on lo0 inet from 127.0.0.0/16 to any label "127.0.0.0/16127.0.0.0/16" +pass in on lo0 inet from 127.0.0.0/31 to any label ":127.0.0.0/31:127.0.0.0/31:" +pass in on lo0 inet6 from fe80::1 to any label "fe80::1" +pass in on lo0 inet6 from fe80::1 to any label "fe80::1fe80::1" +pass in on lo0 inet6 from fe80::1 to any label ":fe80::1:fe80::1:" +pass in on lo0 inet6 from ::/8 to any label "::/8" +pass in on lo0 inet6 from fe00::/8 to any label "fe00::/8" +pass in on lo0 inet6 from ::/64 to any label "::/64::/64" +pass in on lo0 inet6 from fe80::/64 to any label "fe80::/64fe80::/64" +pass in on lo0 inet6 from ::/127 to any label ":::/127:::/127:" +pass in on lo0 inet6 from fe80::/127 to any label ":fe80::/127:fe80::/127:" +pass in on lo0 all label "!any!" +pass in on lo0 inet from any to (lo0) label "(lo0)" +pass in on lo0 inet from any to (lo0) label "(lo0)(lo0)" +pass in on lo0 inet from any to (lo0) label " (lo0) (lo0) " +pass in on lo0 inet from any to ! 127.0.0.0/8 label "! 127.0.0.0/8" +pass in on lo0 inet from any to ! 127.0.0.0/16 label "! 127.0.0.0/16! 127.0.0.0/16" +pass in on lo0 inet from any to ! 127.0.0.0/31 label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) label "! (lo0)! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) label " ! (lo0) ! (lo0) " +pass in on lo0 inet6 from any to ! ::/8 label "! ::/8" +pass in on lo0 inet6 from any to ! ::/64 label "! ::/64! ::/64" +pass in on lo0 inet6 from any to ! ::/127 label " ! ::/127 ! ::/127 " +pass in on lo0 all label "xx" +pass in on lo0 proto tcp from any port = 28 to any label "28" +pass in on lo0 proto tcp from any port 28 >< 29 to any label "28><29" +pass in on lo0 proto tcp from any port 28 <> 29 to any label "28<>29" +pass in on lo0 proto tcp from any port != 28 to any label "!=28" +pass in on lo0 proto tcp from any port < 28 to any label "<28" +pass in on lo0 proto tcp from any port <= 28 to any label "<=28" +pass in on lo0 proto tcp from any port > 28 to any label ">28" +pass in on lo0 proto tcp from any port >= 28 to any label ">=28" +pass in on lo0 proto tcp from any port = 28 to any label "2828" +pass in on lo0 proto tcp from any port = 28 to any label "$28$28$" +pass in on lo0 all +pass in on lo0 proto udp from any to any port = 29 label "29" +pass in on lo0 proto udp from any to any port != 29 label "!=29!=29" +pass in on lo0 proto udp from any to any port > 29 label "x>29x>29x" +pass in on lo0 all label "ip" +pass in on lo0 proto esp all label "esp" +pass in on lo0 proto esp all label "espesp" +pass in on lo0 proto esp all label "-esp-esp-" +pass in on lo0 proto 166 all label "166" +pass in on lo0 proto 166 all label "166166" +pass in on lo0 proto 166 all label "_166_166_" +pass in on lo0 all label "56" +pass in on lo0 all label "5757" +pass in on lo0 all label "%58%58%" +pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" diff --git a/regress/sbin/pfctl/pf48.loaded b/regress/sbin/pfctl/pf48.loaded index 61364eac595..7bcdea943ab 100644 --- a/regress/sbin/pfctl/pf48.loaded +++ b/regress/sbin/pfctl/pf48.loaded @@ -1,5 +1,5 @@ @0 nat on lo0 inet from <regress.1:3> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] + [ Skip steps: d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @1 nat on ! lo0 inet from ! <regress.1:3> to <regress.2:*> -> 127.0.0.1 @@ -7,50 +7,50 @@ [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @0 rdr on lo0 inet from <regress.1:3> to <regress.2:*> -> 127.0.0.1 - [ Skip steps: d=end f=end p=end sp=end da=end dp=end ] + [ Skip steps: d=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @1 rdr on ! lo0 inet from ! <regress.1:3> to <regress.2:*> -> 127.0.0.1 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 scrub in from <regress.1:3> to any fragment reassemble +@0 scrub in from <regress.1:3> to any fragment reassemble [ Skip steps: i=end d=2 f=end p=end sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub in from ! <regress.2:*> to any fragment reassemble +@1 scrub in from ! <regress.2:*> to any fragment reassemble [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub out from any to ! <regress.1:3> fragment reassemble +@2 scrub out from any to ! <regress.1:3> fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub out from any to <regress.2:*> fragment reassemble +@3 scrub out from any to <regress.2:*> fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass in from <regress:6> to any +@0 pass in from <regress:6> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out from any to <regress:6> +@1 pass out from any to <regress:6> [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass in from <regress.1:3> to any +@2 pass in from <regress.1:3> to any [ Skip steps: i=end d=4 f=end p=end sp=end da=4 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass in from <regress.2:*> to any +@3 pass in from <regress.2:*> to any [ Skip steps: i=end f=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass out from any to ! <regress.1:3> +@4 pass out from any to ! <regress.1:3> [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass out from any to ! <regress.2:*> +@5 pass out from any to ! <regress.2:*> [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf48.ok b/regress/sbin/pfctl/pf48.ok index 88783756a7c..a8ce73a281e 100644 --- a/regress/sbin/pfctl/pf48.ok +++ b/regress/sbin/pfctl/pf48.ok @@ -1,17 +1,17 @@ table <regress> { 1.2.3.4 !5.6.7.8 10.0.0.0/8 127.0.0.1 ::1 fe80::1 } table <regress.1> const { ::1 fe80::/64 ::1 127.0.0.1 } table <regress.a> const { 1.2.3.4 !5.6.7.8 ::1 ::2 ::3 } file "/dev/null" { 4.3.2.1 } -scrub in from <regress.1> to any fragment reassemble -scrub in from ! <regress.2> to any fragment reassemble -scrub out from any to ! <regress.1> fragment reassemble -scrub out from any to <regress.2> fragment reassemble +scrub in from <regress.1> to any fragment reassemble +scrub in from ! <regress.2> to any fragment reassemble +scrub out from any to ! <regress.1> fragment reassemble +scrub out from any to <regress.2> fragment reassemble nat on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 nat on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 rdr on lo0 inet from <regress.1> to <regress.2> -> 127.0.0.1 rdr on ! lo0 inet from ! <regress.1> to <regress.2> -> 127.0.0.1 -pass in from <regress> to any -pass out from any to <regress> -pass in from <regress.1> to any -pass in from <regress.2> to any -pass out from any to ! <regress.1> -pass out from any to ! <regress.2> +pass in from <regress> to any +pass out from any to <regress> +pass in from <regress.1> to any +pass in from <regress.2> to any +pass out from any to ! <regress.1> +pass out from any to ! <regress.2> diff --git a/regress/sbin/pfctl/pf49.loaded b/regress/sbin/pfctl/pf49.loaded index ab27c329fde..9b19385129b 100644 --- a/regress/sbin/pfctl/pf49.loaded +++ b/regress/sbin/pfctl/pf49.loaded @@ -1,12 +1,12 @@ -@0 pass in on lo0 inet from 127.0.0.0/8 to any keep state +@0 pass in on lo0 inet from 127.0.0.0/8 to any keep state [ Skip steps: i=end d=end p=end sp=end da=2 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in on lo0 inet6 from ::1 to any keep state +@1 pass in on lo0 inet6 from ::1 to any keep state [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in on lo0 inet from any to 127.0.0.1 +@2 block drop in on lo0 inet from any to 127.0.0.1 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf49.ok b/regress/sbin/pfctl/pf49.ok index ccfb36c03f6..5153674898b 100644 --- a/regress/sbin/pfctl/pf49.ok +++ b/regress/sbin/pfctl/pf49.ok @@ -1,3 +1,3 @@ -pass in on lo0 inet from 127.0.0.0/8 to any keep state -pass in on lo0 inet6 from ::1 to any keep state -block drop in on lo0 inet from any to 127.0.0.1 +pass in on lo0 inet from 127.0.0.0/8 to any keep state +pass in on lo0 inet6 from ::1 to any keep state +block drop in on lo0 inet from any to 127.0.0.1 diff --git a/regress/sbin/pfctl/pf5.loaded b/regress/sbin/pfctl/pf5.loaded index 3bb2b9d93e3..c2b05cd45e4 100644 --- a/regress/sbin/pfctl/pf5.loaded +++ b/regress/sbin/pfctl/pf5.loaded @@ -1,32 +1,32 @@ -@0 block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 +@0 block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=2 da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 +@1 block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 [ Skip steps: i=end d=end f=end p=end sa=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +@2 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=4 da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 +@3 block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 [ Skip steps: i=end d=end f=end p=end sa=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +@4 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=6 da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 +@5 block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 [ Skip steps: i=end d=end f=end p=end sa=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 +@6 block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 +@7 block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf5.ok b/regress/sbin/pfctl/pf5.ok index 930c6af6074..b3f7c2c99f8 100644 --- a/regress/sbin/pfctl/pf5.ok +++ b/regress/sbin/pfctl/pf5.ok @@ -1,11 +1,11 @@ foo = "ssh, ftp" bar = "other thing" inside = "10.0.0.0/8" -block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 -block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 -block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 diff --git a/regress/sbin/pfctl/pf50.ok b/regress/sbin/pfctl/pf50.ok index 42e5b2311c3..e891b238639 100644 --- a/regress/sbin/pfctl/pf50.ok +++ b/regress/sbin/pfctl/pf50.ok @@ -1,3 +1,3 @@ extif = "wi0" extif = "lo0" -block drop in on lo0 all +block drop in on lo0 all diff --git a/regress/sbin/pfctl/pf51.ok b/regress/sbin/pfctl/pf51.ok index de03ba2445f..8c0bdc5a588 100644 --- a/regress/sbin/pfctl/pf51.ok +++ b/regress/sbin/pfctl/pf51.ok @@ -1,4 +1,4 @@ -pass in on lo0 all +pass in on lo0 all set require-order no nat on lo0 inet all -> 127.0.0.1 altq on lo0 cbq bandwidth 10Mb tbrsize 1824 queue { toad frog } diff --git a/regress/sbin/pfctl/pf53.ok b/regress/sbin/pfctl/pf53.ok index 1f2af6a074b..2a8d7df6998 100644 --- a/regress/sbin/pfctl/pf53.ok +++ b/regress/sbin/pfctl/pf53.ok @@ -1,4 +1,4 @@ -pass in inet proto tcp from 1.2.3.4 to any label "0:any:tcp:1.2.3.4::any:" -pass in inet proto tcp from 1.2.3.5 to any label "1:any:tcp:1.2.3.5::any:" -pass in on lo0 inet proto tcp from 1.2.3.4 to any label "2:lo0:tcp:1.2.3.4::any:" -pass in on lo0 inet proto tcp from 1.2.3.5 to any label "3:lo0:tcp:1.2.3.5::any:" +pass in inet proto tcp from 1.2.3.4 to any label "0:any:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any label "1:any:tcp:1.2.3.5::any:" +pass in on lo0 inet proto tcp from 1.2.3.4 to any label "2:lo0:tcp:1.2.3.4::any:" +pass in on lo0 inet proto tcp from 1.2.3.5 to any label "3:lo0:tcp:1.2.3.5::any:" diff --git a/regress/sbin/pfctl/pf54.loaded b/regress/sbin/pfctl/pf54.loaded index 841db56827e..c9e12277984 100644 --- a/regress/sbin/pfctl/pf54.loaded +++ b/regress/sbin/pfctl/pf54.loaded @@ -1,4 +1,4 @@ -@0 scrub all random-id fragment reassemble +@0 scrub all random-id fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf54.ok b/regress/sbin/pfctl/pf54.ok index a54f48edfb8..d8672c08ff3 100644 --- a/regress/sbin/pfctl/pf54.ok +++ b/regress/sbin/pfctl/pf54.ok @@ -1 +1 @@ -scrub all random-id fragment reassemble +scrub all random-id fragment reassemble diff --git a/regress/sbin/pfctl/pf56.loaded b/regress/sbin/pfctl/pf56.loaded index dbdf0d3f97c..140e18b2fbb 100644 --- a/regress/sbin/pfctl/pf56.loaded +++ b/regress/sbin/pfctl/pf56.loaded @@ -1,8 +1,8 @@ -@0 pass in proto tcp from any to any port = www keep state (tcp.established 60) +@0 pass in proto tcp from any to any port = www keep state (tcp.established 60) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass in proto tcp from any to any port = www keep state (max 10, tcp.first 2) +@1 pass in proto tcp from any to any port = www keep state (max 10, tcp.first 2) [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf56.ok b/regress/sbin/pfctl/pf56.ok index a44cc06e648..5f0e860ae2c 100644 --- a/regress/sbin/pfctl/pf56.ok +++ b/regress/sbin/pfctl/pf56.ok @@ -1,2 +1,2 @@ -pass in proto tcp from any to any port = www keep state (tcp.established 60) -pass in proto tcp from any to any port = www keep state (max 10, tcp.first 2) +pass in proto tcp from any to any port = www keep state (tcp.established 60) +pass in proto tcp from any to any port = www keep state (max 10, tcp.first 2) diff --git a/regress/sbin/pfctl/pf57.ok b/regress/sbin/pfctl/pf57.ok index 0a0614a740d..eb9f628e314 100644 --- a/regress/sbin/pfctl/pf57.ok +++ b/regress/sbin/pfctl/pf57.ok @@ -1,4 +1,4 @@ a = "10.0.0.1" b = "x" b = "y" -pass in inet from 10.0.0.1 to any +pass in inet from 10.0.0.1 to any diff --git a/regress/sbin/pfctl/pf60.loaded b/regress/sbin/pfctl/pf60.loaded index 0006a56584b..2389f2d8edc 100644 --- a/regress/sbin/pfctl/pf60.loaded +++ b/regress/sbin/pfctl/pf60.loaded @@ -1,28 +1,28 @@ -@0 pass inet from 224.4.5.4 to any +@0 pass inet from 224.4.5.4 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from 224.4.0.0/16 to any +@1 pass inet from 224.4.0.0/16 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet from 224.4.5.0/26 to any +@2 pass inet from 224.4.5.0/26 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet from 224.4.5.64/26 to any +@3 pass inet from 224.4.5.64/26 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet from 224.4.5.128/26 to any +@4 pass inet from 224.4.5.128/26 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet from 224.4.5.192/26 to any +@5 pass inet from 224.4.5.192/26 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass inet from 224.4.5.4 to any +@6 pass inet from 224.4.5.4 to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf60.ok b/regress/sbin/pfctl/pf60.ok index 6a9aea6df87..57926d6c781 100644 --- a/regress/sbin/pfctl/pf60.ok +++ b/regress/sbin/pfctl/pf60.ok @@ -1,7 +1,7 @@ -pass inet from 224.4.5.4 to any -pass inet from 224.4.0.0/16 to any -pass inet from 224.4.5.0/26 to any -pass inet from 224.4.5.64/26 to any -pass inet from 224.4.5.128/26 to any -pass inet from 224.4.5.192/26 to any -pass inet from 224.4.5.4 to any +pass inet from 224.4.5.4 to any +pass inet from 224.4.0.0/16 to any +pass inet from 224.4.5.0/26 to any +pass inet from 224.4.5.64/26 to any +pass inet from 224.4.5.128/26 to any +pass inet from 224.4.5.192/26 to any +pass inet from 224.4.5.4 to any diff --git a/regress/sbin/pfctl/pf61.loaded b/regress/sbin/pfctl/pf61.loaded index c969f055520..3668f3cf375 100644 --- a/regress/sbin/pfctl/pf61.loaded +++ b/regress/sbin/pfctl/pf61.loaded @@ -1,4 +1,4 @@ -@0 pass inet from any to (lo0)/24 +@0 pass inet from any to (lo0)/24 [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf61.ok b/regress/sbin/pfctl/pf61.ok index 355c22854ee..46a634037b5 100644 --- a/regress/sbin/pfctl/pf61.ok +++ b/regress/sbin/pfctl/pf61.ok @@ -1 +1 @@ -pass inet from any to (lo0)/24 +pass inet from any to (lo0)/24 diff --git a/regress/sbin/pfctl/pf65.loaded b/regress/sbin/pfctl/pf65.loaded index e2ff6f848bc..a024ff7c6e9 100644 --- a/regress/sbin/pfctl/pf65.loaded +++ b/regress/sbin/pfctl/pf65.loaded @@ -1,12 +1,12 @@ -@0 block drop in on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0" +@0 block drop in on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0" [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in on ! lo0 inet6 from ::1 to any label "antispoof-lo0" +@1 block drop in on ! lo0 inet6 from ::1 to any label "antispoof-lo0" [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0-2" +@2 block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0-2" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf65.ok b/regress/sbin/pfctl/pf65.ok index 8239e9500c3..69747452bd6 100644 --- a/regress/sbin/pfctl/pf65.ok +++ b/regress/sbin/pfctl/pf65.ok @@ -1,3 +1,3 @@ -block drop in on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0" -block drop in on ! lo0 inet6 from ::1 to any label "antispoof-lo0" -block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0-2" +block drop in on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0" +block drop in on ! lo0 inet6 from ::1 to any label "antispoof-lo0" +block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0-2" diff --git a/regress/sbin/pfctl/pf67.loaded b/regress/sbin/pfctl/pf67.loaded index 274a16c9a09..a448ee6e46a 100644 --- a/regress/sbin/pfctl/pf67.loaded +++ b/regress/sbin/pfctl/pf67.loaded @@ -1,8 +1,8 @@ -@0 pass in quick on tun0 all keep state tag regress +@0 pass in quick on tun0 all keep state tag regress [ Skip steps: f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass out quick on lo0 all keep state tagged regress +@1 pass out quick on lo0 all keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf67.ok b/regress/sbin/pfctl/pf67.ok index 71bbc7461f2..d0b9f865075 100644 --- a/regress/sbin/pfctl/pf67.ok +++ b/regress/sbin/pfctl/pf67.ok @@ -1,2 +1,2 @@ -pass in quick on tun0 all keep state tag regress -pass out quick on lo0 all keep state tagged regress +pass in quick on tun0 all keep state tag regress +pass out quick on lo0 all keep state tagged regress diff --git a/regress/sbin/pfctl/pf68.loaded b/regress/sbin/pfctl/pf68.loaded index ec684575e27..dd189977ca8 100644 --- a/regress/sbin/pfctl/pf68.loaded +++ b/regress/sbin/pfctl/pf68.loaded @@ -1,264 +1,264 @@ -@0 scrub proto tcp all fragment reassemble +@0 scrub proto tcp all fragment reassemble [ Skip steps: i=14 d=3 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all fragment reassemble +@1 scrub proto tcp all fragment reassemble [ Skip steps: i=14 d=3 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all fragment reassemble +@2 scrub proto tcp all fragment reassemble [ Skip steps: i=14 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub in proto tcp all fragment reassemble +@3 scrub in proto tcp all fragment reassemble [ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub in proto tcp all fragment reassemble +@4 scrub in proto tcp all fragment reassemble [ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub in proto tcp all fragment crop +@5 scrub in proto tcp all fragment crop [ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub in proto tcp all fragment drop-ovl +@6 scrub in proto tcp all fragment drop-ovl [ Skip steps: i=14 d=29 f=10 p=end sa=8 sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub in proto tcp all fragment reassemble +@7 scrub in proto tcp all fragment reassemble [ Skip steps: i=14 d=29 f=10 p=end sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub in proto tcp from <regress.1:*> to any fragment reassemble +@8 scrub in proto tcp from <regress.1:*> to any fragment reassemble [ Skip steps: i=14 d=29 f=10 p=end sp=43 da=10 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub in proto tcp from ! <regress.2:*> to any fragment reassemble +@9 scrub in proto tcp from ! <regress.2:*> to any fragment reassemble [ Skip steps: i=14 d=29 p=end sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble +@10 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble [ Skip steps: i=14 d=29 f=14 p=end sa=12 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble +@11 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble [ Skip steps: i=14 d=29 f=14 p=end sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble +@12 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble [ Skip steps: i=14 d=29 f=14 p=end sa=14 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble +@13 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble [ Skip steps: d=29 p=end sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble +@14 scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble [ Skip steps: i=18 d=29 p=end sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble +@15 scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble [ Skip steps: i=18 d=29 f=17 p=end sp=43 da=17 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble +@16 scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble [ Skip steps: i=18 d=29 p=end sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub in log on lo0 proto tcp all fragment reassemble +@17 scrub in log on lo0 proto tcp all fragment reassemble [ Skip steps: d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub in log on lo1 proto tcp all fragment reassemble +@18 scrub in log on lo1 proto tcp all fragment reassemble [ Skip steps: d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 scrub in on lo0 proto tcp all fragment reassemble +@19 scrub in on lo0 proto tcp all fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +@20 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 scrub in on lo0 proto tcp all max-mss 224 fragment reassemble +@21 scrub in on lo0 proto tcp all max-mss 224 fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +@22 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl +@23 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +@24 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 scrub in on lo0 proto tcp all no-df fragment reassemble +@25 scrub in on lo0 proto tcp all no-df fragment reassemble [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop +@26 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=30 d=29 f=28 p=end sa=28 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +@27 scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=30 d=29 p=end sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble +@28 scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble [ Skip steps: i=30 p=end sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 scrub on lo0 proto tcp all max-mss 224 fragment reassemble +@29 scrub on lo0 proto tcp all max-mss 224 fragment reassemble [ Skip steps: f=33 p=end sa=36 sp=43 da=31 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@30 scrub out proto tcp all fragment reassemble +@30 scrub out proto tcp all fragment reassemble [ Skip steps: i=33 d=34 f=33 p=end sa=36 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@31 scrub out proto tcp from any to ! <regress.1:*> fragment reassemble +@31 scrub out proto tcp from any to ! <regress.1:*> fragment reassemble [ Skip steps: i=33 d=34 f=33 p=end sa=36 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@32 scrub out proto tcp from any to <regress.2:*> fragment reassemble +@32 scrub out proto tcp from any to <regress.2:*> fragment reassemble [ Skip steps: d=34 p=end sa=36 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@33 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +@33 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble [ Skip steps: p=end sa=36 sp=43 dp=35 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@34 scrub proto tcp all random-id fragment reassemble +@34 scrub proto tcp all random-id fragment reassemble [ Skip steps: i=42 d=36 f=38 p=end sa=36 sp=43 da=38 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@35 scrub proto tcp from any to any port = www fragment reassemble +@35 scrub proto tcp from any to any port = www fragment reassemble [ Skip steps: i=42 f=38 p=end sp=43 da=38 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@36 scrub in proto tcp from <regress.1:*> to any port = www fragment reassemble +@36 scrub in proto tcp from <regress.1:*> to any port = www fragment reassemble [ Skip steps: i=42 d=62 f=38 p=end sp=43 da=38 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@37 scrub in proto tcp from ! <regress.2:*> to any port = www fragment reassemble +@37 scrub in proto tcp from ! <regress.2:*> to any port = www fragment reassemble [ Skip steps: i=42 d=62 p=end sp=43 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@38 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble +@38 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble [ Skip steps: i=42 d=62 f=42 p=end sa=40 sp=43 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@39 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble +@39 scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble [ Skip steps: i=42 d=62 f=42 p=end sp=43 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@40 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble +@40 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble [ Skip steps: i=42 d=62 f=42 p=end sa=42 sp=43 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@41 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble +@41 scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble [ Skip steps: d=62 p=end sp=43 dp=43 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@42 scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble +@42 scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble [ Skip steps: i=46 d=62 p=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@43 scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble +@43 scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble [ Skip steps: i=46 d=62 f=45 p=end sp=48 da=45 dp=49 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@44 scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble +@44 scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble [ Skip steps: i=46 d=62 p=end sp=48 dp=49 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@45 scrub in log on lo0 proto tcp from any port = www to any fragment reassemble +@45 scrub in log on lo0 proto tcp from any port = www to any fragment reassemble [ Skip steps: d=62 f=61 p=end sa=61 sp=48 da=63 dp=49 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@46 scrub in log on lo1 proto tcp from any port = www to any fragment reassemble +@46 scrub in log on lo1 proto tcp from any port = www to any fragment reassemble [ Skip steps: d=62 f=61 p=end sa=61 sp=48 da=63 dp=49 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@47 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +@47 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 dp=49 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@48 scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble +@48 scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@49 scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +@49 scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@50 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +@50 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=52 da=63 dp=52 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@51 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl +@51 scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@52 scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble +@52 scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=55 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@53 scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble +@53 scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=55 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@54 scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble +@54 scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@55 scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble +@55 scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=58 da=63 dp=57 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@56 scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop +@56 scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=58 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@57 scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +@57 scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@58 scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop +@58 scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=63 d=62 f=61 p=end sa=61 sp=60 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@59 scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +@59 scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop [ Skip steps: i=63 d=62 f=61 p=end sa=61 da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@60 scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble +@60 scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble [ Skip steps: i=63 d=62 p=end da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@61 scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble +@61 scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble [ Skip steps: i=63 p=end da=63 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@62 scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +@62 scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble [ Skip steps: f=65 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@63 scrub out proto tcp from any to ! <regress.1:*> port = www fragment reassemble +@63 scrub out proto tcp from any to ! <regress.1:*> port = www fragment reassemble [ Skip steps: i=65 d=end f=65 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@64 scrub out proto tcp from any to <regress.2:*> port = www fragment reassemble +@64 scrub out proto tcp from any to <regress.2:*> port = www fragment reassemble [ Skip steps: d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@65 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble +@65 scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf68.ok b/regress/sbin/pfctl/pf68.ok index 0870d350a18..b813fef16aa 100644 --- a/regress/sbin/pfctl/pf68.ok +++ b/regress/sbin/pfctl/pf68.ok @@ -1,66 +1,66 @@ -scrub proto tcp all fragment reassemble -scrub proto tcp all fragment reassemble -scrub proto tcp all fragment reassemble -scrub in proto tcp all fragment reassemble -scrub in proto tcp all fragment reassemble -scrub in proto tcp all fragment crop -scrub in proto tcp all fragment drop-ovl -scrub in proto tcp all fragment reassemble -scrub in proto tcp from <regress.1> to any fragment reassemble -scrub in proto tcp from ! <regress.2> to any fragment reassemble -scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble -scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble -scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble -scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble -scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble -scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble -scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble -scrub in log on lo0 proto tcp all fragment reassemble -scrub in log on lo1 proto tcp all fragment reassemble -scrub in on lo0 proto tcp all fragment reassemble -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp all max-mss 224 fragment reassemble -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp all no-df fragment reassemble -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble -scrub on lo0 proto tcp all max-mss 224 fragment reassemble -scrub out proto tcp all fragment reassemble -scrub out proto tcp from any to ! <regress.1> fragment reassemble -scrub out proto tcp from any to <regress.2> fragment reassemble -scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble -scrub proto tcp all random-id fragment reassemble -scrub proto tcp from any to any port = www fragment reassemble -scrub in proto tcp from <regress.1> to any port = www fragment reassemble -scrub in proto tcp from ! <regress.2> to any port = www fragment reassemble -scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble -scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble -scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble -scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble -scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble -scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble -scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble -scrub in log on lo0 proto tcp from any port = www to any fragment reassemble -scrub in log on lo1 proto tcp from any port = www to any fragment reassemble -scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl -scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble -scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop -scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble -scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble -scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble -scrub out proto tcp from any to ! <regress.1> port = www fragment reassemble -scrub out proto tcp from any to <regress.2> port = www fragment reassemble -scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble +scrub proto tcp all fragment reassemble +scrub proto tcp all fragment reassemble +scrub proto tcp all fragment reassemble +scrub in proto tcp all fragment reassemble +scrub in proto tcp all fragment reassemble +scrub in proto tcp all fragment crop +scrub in proto tcp all fragment drop-ovl +scrub in proto tcp all fragment reassemble +scrub in proto tcp from <regress.1> to any fragment reassemble +scrub in proto tcp from ! <regress.2> to any fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 fragment reassemble +scrub in log on lo0 proto tcp all min-ttl 25 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo1) to 2000::1 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo0) to 2000::1 fragment reassemble +scrub in log on lo0 proto tcp all fragment reassemble +scrub in log on lo1 proto tcp all fragment reassemble +scrub in on lo0 proto tcp all fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment drop-ovl +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp all no-df fragment reassemble +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp all no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 inet proto tcp from (lo0) to any fragment reassemble +scrub on lo0 proto tcp all max-mss 224 fragment reassemble +scrub out proto tcp all fragment reassemble +scrub out proto tcp from any to ! <regress.1> fragment reassemble +scrub out proto tcp from any to <regress.2> fragment reassemble +scrub out log on lo1 inet proto tcp from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +scrub proto tcp all random-id fragment reassemble +scrub proto tcp from any to any port = www fragment reassemble +scrub in proto tcp from <regress.1> to any port = www fragment reassemble +scrub in proto tcp from ! <regress.2> to any port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.3 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.1 to 10.0.0.4 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.3 port = www fragment reassemble +scrub in inet proto tcp from 10.0.0.2 to 10.0.0.4 port = www fragment reassemble +scrub in log on lo0 proto tcp from any to any port = www min-ttl 25 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo1) port = www to 2000::1 fragment reassemble +scrub in log on lo0 inet6 proto tcp from (lo0) port = www to 2000::1 fragment reassemble +scrub in log on lo0 proto tcp from any port = www to any fragment reassemble +scrub in log on lo1 proto tcp from any port = www to any fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = 81 to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any no-df min-ttl 15 max-mss 224 fragment drop-ovl +scrub in on lo0 proto tcp from any to any port = www no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = 81 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any to any port = 82 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 proto tcp from any port = www to any port = www no-df fragment reassemble +scrub in on lo0 proto tcp from any port = www to any port = www no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = www to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = 81 to any port = www no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any port = 81 to any port = 81 no-df min-ttl 15 max-mss 224 fragment crop +scrub in on lo0 proto tcp from any to any port = 83 no-df min-ttl 15 max-mss 224 fragment reassemble +scrub in on lo0 inet proto tcp from (lo0) port = www to any fragment reassemble +scrub on lo0 proto tcp from any to any port = www max-mss 224 fragment reassemble +scrub out proto tcp from any to ! <regress.1> port = www fragment reassemble +scrub out proto tcp from any to <regress.2> port = www fragment reassemble +scrub out log on lo1 inet proto tcp from any to 10.0.0.1 port = www no-df max-mss 224 fragment reassemble diff --git a/regress/sbin/pfctl/pf69.loaded b/regress/sbin/pfctl/pf69.loaded index 77d526dbb31..3ba0f120cba 100644 --- a/regress/sbin/pfctl/pf69.loaded +++ b/regress/sbin/pfctl/pf69.loaded @@ -2,7 +2,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 pass out quick on lo0 all keep state tagged regress +@0 pass out quick on lo0 all keep state tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf69.ok b/regress/sbin/pfctl/pf69.ok index 35355877489..3025732d703 100644 --- a/regress/sbin/pfctl/pf69.ok +++ b/regress/sbin/pfctl/pf69.ok @@ -1,2 +1,2 @@ nat on lo0 inet all tag regress -> 127.0.0.1 -pass out quick on lo0 all keep state tagged regress +pass out quick on lo0 all keep state tagged regress diff --git a/regress/sbin/pfctl/pf7.loaded b/regress/sbin/pfctl/pf7.loaded index e1a844703c4..6b415cd6360 100644 --- a/regress/sbin/pfctl/pf7.loaded +++ b/regress/sbin/pfctl/pf7.loaded @@ -1,84 +1,84 @@ -@0 block drop out log on tun0 all +@0 block drop out log on tun0 all [ Skip steps: i=end f=6 p=2 sa=6 sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in log on tun0 all +@1 block drop in log on tun0 all [ Skip steps: i=end f=6 sa=6 sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 block return-rst out log on tun0 proto tcp all +@2 block return-rst out log on tun0 proto tcp all [ Skip steps: i=end f=6 p=4 sa=6 sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 block return-rst in log on tun0 proto tcp all +@3 block return-rst in log on tun0 proto tcp all [ Skip steps: i=end f=6 sa=6 sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all [ Skip steps: i=end f=6 p=6 sa=6 sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all [ Skip steps: i=end sp=end da=7 dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 block drop out log quick on tun0 inet from ! 157.161.48.183 to any +@6 block drop out log quick on tun0 inet from ! 157.161.48.183 to any [ Skip steps: i=end f=14 p=12 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 block drop in quick on tun0 inet from any to 255.255.255.255 +@7 block drop in quick on tun0 inet from any to 255.255.255.255 [ Skip steps: i=end d=12 f=14 p=12 sp=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 block drop in log quick on tun0 inet from 10.0.0.0/8 to any +@8 block drop in log quick on tun0 inet from 10.0.0.0/8 to any [ Skip steps: i=end d=12 f=14 p=12 sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 block drop in log quick on tun0 inet from 172.16.0.0/12 to any +@9 block drop in log quick on tun0 inet from 172.16.0.0/12 to any [ Skip steps: i=end d=12 f=14 p=12 sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 block drop in log quick on tun0 inet from 192.168.0.0/16 to any +@10 block drop in log quick on tun0 inet from 192.168.0.0/16 to any [ Skip steps: i=end d=12 f=14 p=12 sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 block drop in log quick on tun0 inet from 255.255.255.255 to any +@11 block drop in log quick on tun0 inet from 255.255.255.255 to any [ Skip steps: i=end f=14 sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@12 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state [ Skip steps: i=end f=14 p=14 sa=end sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +@13 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state [ Skip steps: i=end sa=end sp=end da=end dp=15 ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass out on tun0 proto udp all keep state +@14 pass out on tun0 proto udp all keep state [ Skip steps: i=end f=end p=16 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass in on tun0 proto udp from any to any port = domain keep state +@15 pass in on tun0 proto udp from any to any port = domain keep state [ Skip steps: i=end f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass out on tun0 proto tcp all modulate state +@16 pass out on tun0 proto tcp all modulate state [ Skip steps: i=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass in on tun0 proto tcp from any to any port = ssh modulate state +@17 pass in on tun0 proto tcp from any to any port = ssh modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass in on tun0 proto tcp from any to any port = smtp modulate state +@18 pass in on tun0 proto tcp from any to any port = smtp modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass in on tun0 proto tcp from any to any port = domain modulate state +@19 pass in on tun0 proto tcp from any to any port = domain modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass in on tun0 proto tcp from any to any port = auth modulate state +@20 pass in on tun0 proto tcp from any to any port = auth modulate state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index 295f2f8074a..53986a92aac 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -1,21 +1,21 @@ -block drop out log on tun0 all -block drop in log on tun0 all -block return-rst out log on tun0 proto tcp all -block return-rst in log on tun0 proto tcp all -block return-icmp(port-unr, port-unr) out log on tun0 proto udp all -block return-icmp(port-unr, port-unr) in log on tun0 proto udp all -block drop out log quick on tun0 inet from ! 157.161.48.183 to any -block drop in quick on tun0 inet from any to 255.255.255.255 -block drop in log quick on tun0 inet from 10.0.0.0/8 to any -block drop in log quick on tun0 inet from 172.16.0.0/12 to any -block drop in log quick on tun0 inet from 192.168.0.0/16 to any -block drop in log quick on tun0 inet from 255.255.255.255 to any -pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -pass out on tun0 proto udp all keep state -pass in on tun0 proto udp from any to any port = domain keep state -pass out on tun0 proto tcp all modulate state -pass in on tun0 proto tcp from any to any port = ssh modulate state -pass in on tun0 proto tcp from any to any port = smtp modulate state -pass in on tun0 proto tcp from any to any port = domain modulate state -pass in on tun0 proto tcp from any to any port = auth modulate state +block drop out log on tun0 all +block drop in log on tun0 all +block return-rst out log on tun0 proto tcp all +block return-rst in log on tun0 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +block drop out log quick on tun0 inet from ! 157.161.48.183 to any +block drop in quick on tun0 inet from any to 255.255.255.255 +block drop in log quick on tun0 inet from 10.0.0.0/8 to any +block drop in log quick on tun0 inet from 172.16.0.0/12 to any +block drop in log quick on tun0 inet from 192.168.0.0/16 to any +block drop in log quick on tun0 inet from 255.255.255.255 to any +pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun0 proto udp all keep state +pass in on tun0 proto udp from any to any port = domain keep state +pass out on tun0 proto tcp all modulate state +pass in on tun0 proto tcp from any to any port = ssh modulate state +pass in on tun0 proto tcp from any to any port = smtp modulate state +pass in on tun0 proto tcp from any to any port = domain modulate state +pass in on tun0 proto tcp from any to any port = auth modulate state diff --git a/regress/sbin/pfctl/pf70.loaded b/regress/sbin/pfctl/pf70.loaded index f3fd8ecb5cb..e807508f7b0 100644 --- a/regress/sbin/pfctl/pf70.loaded +++ b/regress/sbin/pfctl/pf70.loaded @@ -1,4 +1,4 @@ -@0 no nat on lo0 inet from 10.0.1.0/24 to any tag regress +@0 no nat on lo0 inet from 10.0.1.0/24 to any tag regress [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -6,7 +6,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 block drop out on lo0 all tagged regress +@0 block drop out on lo0 all tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf70.ok b/regress/sbin/pfctl/pf70.ok index bc3dc51efdf..88b41edee86 100644 --- a/regress/sbin/pfctl/pf70.ok +++ b/regress/sbin/pfctl/pf70.ok @@ -1,3 +1,3 @@ -no nat on lo0 inet from 10.0.1.0/24 to any tag regress +no nat on lo0 inet from 10.0.1.0/24 to any tag regress nat on lo0 inet from 10.0.0.0/8 to any -> 127.0.0.1 -block drop out on lo0 all tagged regress +block drop out on lo0 all tagged regress diff --git a/regress/sbin/pfctl/pf71.loaded b/regress/sbin/pfctl/pf71.loaded index 330d440881e..a81642fcba2 100644 --- a/regress/sbin/pfctl/pf71.loaded +++ b/regress/sbin/pfctl/pf71.loaded @@ -1,4 +1,4 @@ -@0 no rdr on lo0 inet from 10.0.1.0/24 to any tag regress +@0 no rdr on lo0 inet from 10.0.1.0/24 to any tag regress [ Skip steps: i=end d=end f=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] @@ -6,7 +6,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 block drop out on lo0 all tagged regress +@0 block drop out on lo0 all tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf71.ok b/regress/sbin/pfctl/pf71.ok index e561e72e282..148dfd7a5f2 100644 --- a/regress/sbin/pfctl/pf71.ok +++ b/regress/sbin/pfctl/pf71.ok @@ -1,3 +1,3 @@ -no rdr on lo0 inet from 10.0.1.0/24 to any tag regress +no rdr on lo0 inet from 10.0.1.0/24 to any tag regress rdr on lo0 inet proto tcp from 10.0.0.0/8 to any port = www -> 127.0.0.1 -block drop out on lo0 all tagged regress +block drop out on lo0 all tagged regress diff --git a/regress/sbin/pfctl/pf72.loaded b/regress/sbin/pfctl/pf72.loaded index 3435c69840e..104c2d40486 100644 --- a/regress/sbin/pfctl/pf72.loaded +++ b/regress/sbin/pfctl/pf72.loaded @@ -2,7 +2,7 @@ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@0 block drop out on lo0 all tagged regress +@0 block drop out on lo0 all tagged regress [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf72.ok b/regress/sbin/pfctl/pf72.ok index e59b924619b..9c9d3d00338 100644 --- a/regress/sbin/pfctl/pf72.ok +++ b/regress/sbin/pfctl/pf72.ok @@ -1,2 +1,2 @@ binat on lo0 inet from 192.168.1.1 to any tag regress -> 10.0.0.1 -block drop out on lo0 all tagged regress +block drop out on lo0 all tagged regress diff --git a/regress/sbin/pfctl/pf73.loaded b/regress/sbin/pfctl/pf73.loaded index 35a6be81c9e..ea32bb73c52 100644 --- a/regress/sbin/pfctl/pf73.loaded +++ b/regress/sbin/pfctl/pf73.loaded @@ -1,76 +1,76 @@ -@0 scrub proto tcp all reassemble tcp fragment reassemble +@0 scrub proto tcp all reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 scrub proto tcp all reassemble tcp fragment reassemble +@1 scrub proto tcp all reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 scrub proto tcp all reassemble tcp fragment reassemble +@2 scrub proto tcp all reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 scrub proto tcp all reassemble tcp fragment crop +@3 scrub proto tcp all reassemble tcp fragment crop [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 scrub proto tcp all reassemble tcp fragment drop-ovl +@4 scrub proto tcp all reassemble tcp fragment drop-ovl [ Skip steps: i=12 d=end f=8 p=end sa=6 sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 scrub proto tcp all reassemble tcp fragment reassemble +@5 scrub proto tcp all reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 scrub proto tcp from <regress.1:*> to any reassemble tcp fragment reassemble +@6 scrub proto tcp from <regress.1:*> to any reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=8 p=end sp=end da=8 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 scrub proto tcp from ! <regress.2:*> to any reassemble tcp fragment reassemble +@7 scrub proto tcp from ! <regress.2:*> to any reassemble tcp fragment reassemble [ Skip steps: i=12 d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble +@8 scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=12 p=end sa=10 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble +@9 scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=12 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble +@10 scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble [ Skip steps: i=12 d=end f=12 p=end sa=12 sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble +@11 scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble [ Skip steps: d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble +@12 scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble [ Skip steps: i=16 d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 scrub log on lo0 inet6 proto tcp from (lo1) to 2000::1 reassemble tcp fragment reassemble +@13 scrub log on lo0 inet6 proto tcp from (lo1) to 2000::1 reassemble tcp fragment reassemble [ Skip steps: i=16 d=end f=15 p=end sp=end da=15 dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 scrub log on lo0 inet6 proto tcp from (lo0) to 2000::1 reassemble tcp fragment reassemble +@14 scrub log on lo0 inet6 proto tcp from (lo0) to 2000::1 reassemble tcp fragment reassemble [ Skip steps: i=16 d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 scrub log on lo0 proto tcp all reassemble tcp fragment reassemble +@15 scrub log on lo0 proto tcp all reassemble tcp fragment reassemble [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 scrub log on lo1 proto tcp all reassemble tcp fragment reassemble +@16 scrub log on lo1 proto tcp all reassemble tcp fragment reassemble [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 scrub on lo0 proto tcp all reassemble tcp fragment reassemble +@17 scrub on lo0 proto tcp all reassemble tcp fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble +@18 scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf73.ok b/regress/sbin/pfctl/pf73.ok index a9f7fecf7c9..b74dd1298b8 100644 --- a/regress/sbin/pfctl/pf73.ok +++ b/regress/sbin/pfctl/pf73.ok @@ -1,19 +1,19 @@ -scrub proto tcp all reassemble tcp fragment reassemble -scrub proto tcp all reassemble tcp fragment reassemble -scrub proto tcp all reassemble tcp fragment reassemble -scrub proto tcp all reassemble tcp fragment crop -scrub proto tcp all reassemble tcp fragment drop-ovl -scrub proto tcp all reassemble tcp fragment reassemble -scrub proto tcp from <regress.1> to any reassemble tcp fragment reassemble -scrub proto tcp from ! <regress.2> to any reassemble tcp fragment reassemble -scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble -scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble -scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble -scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble -scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble -scrub log on lo0 inet6 proto tcp from (lo1) to 2000::1 reassemble tcp fragment reassemble -scrub log on lo0 inet6 proto tcp from (lo0) to 2000::1 reassemble tcp fragment reassemble -scrub log on lo0 proto tcp all reassemble tcp fragment reassemble -scrub log on lo1 proto tcp all reassemble tcp fragment reassemble -scrub on lo0 proto tcp all reassemble tcp fragment reassemble -scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble +scrub proto tcp all reassemble tcp fragment reassemble +scrub proto tcp all reassemble tcp fragment reassemble +scrub proto tcp all reassemble tcp fragment reassemble +scrub proto tcp all reassemble tcp fragment crop +scrub proto tcp all reassemble tcp fragment drop-ovl +scrub proto tcp all reassemble tcp fragment reassemble +scrub proto tcp from <regress.1> to any reassemble tcp fragment reassemble +scrub proto tcp from ! <regress.2> to any reassemble tcp fragment reassemble +scrub inet proto tcp from 10.0.0.1 to 10.0.0.3 reassemble tcp fragment reassemble +scrub inet proto tcp from 10.0.0.1 to 10.0.0.4 reassemble tcp fragment reassemble +scrub inet proto tcp from 10.0.0.2 to 10.0.0.3 reassemble tcp fragment reassemble +scrub inet proto tcp from 10.0.0.2 to 10.0.0.4 reassemble tcp fragment reassemble +scrub log on lo0 proto tcp all min-ttl 25 reassemble tcp fragment reassemble +scrub log on lo0 inet6 proto tcp from (lo1) to 2000::1 reassemble tcp fragment reassemble +scrub log on lo0 inet6 proto tcp from (lo0) to 2000::1 reassemble tcp fragment reassemble +scrub log on lo0 proto tcp all reassemble tcp fragment reassemble +scrub log on lo1 proto tcp all reassemble tcp fragment reassemble +scrub on lo0 proto tcp all reassemble tcp fragment reassemble +scrub on lo0 proto tcp all no-df min-ttl 15 max-mss 224 reassemble tcp fragment reassemble diff --git a/regress/sbin/pfctl/pf74.loaded b/regress/sbin/pfctl/pf74.loaded index 86d212d2db5..87c4fc1190a 100644 --- a/regress/sbin/pfctl/pf74.loaded +++ b/regress/sbin/pfctl/pf74.loaded @@ -1,4 +1,4 @@ -@0 pass in proto tcp all synproxy state +@0 pass in proto tcp all synproxy state [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf74.ok b/regress/sbin/pfctl/pf74.ok index 44675e55bd4..98ceefcbc77 100644 --- a/regress/sbin/pfctl/pf74.ok +++ b/regress/sbin/pfctl/pf74.ok @@ -1 +1 @@ -pass in proto tcp all synproxy state +pass in proto tcp all synproxy state diff --git a/regress/sbin/pfctl/pf75.loaded b/regress/sbin/pfctl/pf75.loaded index c8205fd1511..22bd950ef29 100644 --- a/regress/sbin/pfctl/pf75.loaded +++ b/regress/sbin/pfctl/pf75.loaded @@ -1,8 +1,8 @@ -@0 block drop in on lo0 inet proto tcp from 192.168.0.0/24 to any port = ssh tag ssh +@0 block drop in on lo0 inet proto tcp from 192.168.0.0/24 to any port = ssh tag ssh [ Skip steps: i=end d=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in quick on lo0 all ! tagged ssh +@1 block drop in quick on lo0 all ! tagged ssh [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf75.ok b/regress/sbin/pfctl/pf75.ok index 2aee5146428..460715b5dd2 100644 --- a/regress/sbin/pfctl/pf75.ok +++ b/regress/sbin/pfctl/pf75.ok @@ -1,2 +1,2 @@ -block drop in on lo0 inet proto tcp from 192.168.0.0/24 to any port = ssh tag ssh -block drop in quick on lo0 all ! tagged ssh +block drop in on lo0 inet proto tcp from 192.168.0.0/24 to any port = ssh tag ssh +block drop in quick on lo0 all ! tagged ssh diff --git a/regress/sbin/pfctl/pf77.loaded b/regress/sbin/pfctl/pf77.loaded index d9355dfa831..701ebee32d4 100644 --- a/regress/sbin/pfctl/pf77.loaded +++ b/regress/sbin/pfctl/pf77.loaded @@ -1,4 +1,4 @@ -@0 pass inet from (lo0)/8 to any +@0 pass inet from (lo0)/8 to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf77.ok b/regress/sbin/pfctl/pf77.ok index a0576f28ef2..859c79a50eb 100644 --- a/regress/sbin/pfctl/pf77.ok +++ b/regress/sbin/pfctl/pf77.ok @@ -1 +1 @@ -pass inet from (lo0)/8 to any +pass inet from (lo0)/8 to any diff --git a/regress/sbin/pfctl/pf78.loaded b/regress/sbin/pfctl/pf78.loaded index c8dd583b673..0e0f3040068 100644 --- a/regress/sbin/pfctl/pf78.loaded +++ b/regress/sbin/pfctl/pf78.loaded @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to <regress:*> label "10.0.0.1:<regress>" +@0 pass in inet from 10.0.0.1 to <regress:*> label "10.0.0.1:<regress>" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf78.ok b/regress/sbin/pfctl/pf78.ok index 4165715dab8..c9635580f4a 100644 --- a/regress/sbin/pfctl/pf78.ok +++ b/regress/sbin/pfctl/pf78.ok @@ -1 +1 @@ -pass in inet from 10.0.0.1 to <regress> label "10.0.0.1:<regress>" +pass in inet from 10.0.0.1 to <regress> label "10.0.0.1:<regress>" diff --git a/regress/sbin/pfctl/pf79.loaded b/regress/sbin/pfctl/pf79.loaded index f192a56706f..84eecc63a30 100644 --- a/regress/sbin/pfctl/pf79.loaded +++ b/regress/sbin/pfctl/pf79.loaded @@ -1,4 +1,4 @@ -@0 pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" +@0 pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf79.ok b/regress/sbin/pfctl/pf79.ok index 12d04082405..57792e5ef66 100644 --- a/regress/sbin/pfctl/pf79.ok +++ b/regress/sbin/pfctl/pf79.ok @@ -1 +1 @@ -pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" +pass in inet from 10.0.0.1 to no-route label "10.0.0.1:no-route" diff --git a/regress/sbin/pfctl/pf8.loaded b/regress/sbin/pfctl/pf8.loaded index 6005ac8df24..cc31f73bdd5 100644 --- a/regress/sbin/pfctl/pf8.loaded +++ b/regress/sbin/pfctl/pf8.loaded @@ -1,8 +1,8 @@ -@0 block drop out log on tun1 inet from ! 10.0.0.0/8 to any +@0 block drop out log on tun1 inet from ! 10.0.0.0/8 to any [ Skip steps: i=end d=end f=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop out log on tun1 inet from 10.1.2.3 to any +@1 block drop out log on tun1 inet from 10.1.2.3 to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf8.ok b/regress/sbin/pfctl/pf8.ok index ecf95275649..5f3361f70a1 100644 --- a/regress/sbin/pfctl/pf8.ok +++ b/regress/sbin/pfctl/pf8.ok @@ -1,3 +1,3 @@ extern = "{ ! 10.0.0.0/8, 10.1.2.3 }" -block drop out log on tun1 inet from ! 10.0.0.0/8 to any -block drop out log on tun1 inet from 10.1.2.3 to any +block drop out log on tun1 inet from ! 10.0.0.0/8 to any +block drop out log on tun1 inet from 10.1.2.3 to any diff --git a/regress/sbin/pfctl/pf81.loaded b/regress/sbin/pfctl/pf81.loaded index 7f668eafa46..5c6cd6adb33 100644 --- a/regress/sbin/pfctl/pf81.loaded +++ b/regress/sbin/pfctl/pf81.loaded @@ -1,120 +1,120 @@ -@0 pass inet6 from (lo0) to ::1 - [ Skip steps: i=end d=end f=3 p=end sa=3 sp=end dp=end ] +@0 pass inet6 from (lo0) to ::1 + [ Skip steps: i=end d=end f=3 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet6 from (lo0) to ::2 - [ Skip steps: i=end d=end f=3 p=end sa=3 sp=end dp=end ] +@1 pass inet6 from (lo0) to ::2 + [ Skip steps: i=end d=end f=3 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet6 from (lo0) to ::3 +@2 pass inet6 from (lo0) to ::3 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet from (lo0) to 0.0.0.1 - [ Skip steps: i=end d=end f=6 p=end sa=6 sp=end dp=end ] +@3 pass inet from (lo0) to 0.0.0.1 + [ Skip steps: i=end d=end f=6 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass inet from (lo0) to 0.0.0.2 - [ Skip steps: i=end d=end f=6 p=end sa=6 sp=end dp=end ] +@4 pass inet from (lo0) to 0.0.0.2 + [ Skip steps: i=end d=end f=6 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass inet from (lo0) to 0.0.0.3 +@5 pass inet from (lo0) to 0.0.0.3 [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass from <foo:*> to <bar1:*> - [ Skip steps: i=end d=end f=9 p=end sa=18 sp=end dp=end ] +@6 pass from <foo:*> to <bar1:*> + [ Skip steps: i=end d=end f=9 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass from <foo:*> to <bar2:*> - [ Skip steps: i=end d=end f=9 p=end sa=18 sp=end dp=end ] +@7 pass from <foo:*> to <bar2:*> + [ Skip steps: i=end d=end f=9 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass from <foo:*> to <bar3:*> - [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] +@8 pass from <foo:*> to <bar3:*> + [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet6 from <foo:*> to ::1 - [ Skip steps: i=end d=end f=12 p=end sa=18 sp=end dp=end ] +@9 pass inet6 from <foo:*> to ::1 + [ Skip steps: i=end d=end f=12 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass inet6 from <foo:*> to ::2 - [ Skip steps: i=end d=end f=12 p=end sa=18 sp=end dp=end ] +@10 pass inet6 from <foo:*> to ::2 + [ Skip steps: i=end d=end f=12 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet6 from <foo:*> to ::3 - [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] +@11 pass inet6 from <foo:*> to ::3 + [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass inet from <foo:*> to 0.0.0.1 - [ Skip steps: i=end d=end f=15 p=end sa=18 sp=end dp=end ] +@12 pass inet from <foo:*> to 0.0.0.1 + [ Skip steps: i=end d=end f=15 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@13 pass inet from <foo:*> to 0.0.0.2 - [ Skip steps: i=end d=end f=15 p=end sa=18 sp=end dp=end ] +@13 pass inet from <foo:*> to 0.0.0.2 + [ Skip steps: i=end d=end f=15 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@14 pass inet from <foo:*> to 0.0.0.3 - [ Skip steps: i=end d=end p=end sa=18 sp=end dp=end ] +@14 pass inet from <foo:*> to 0.0.0.3 + [ Skip steps: i=end d=end p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@15 pass from <foo:*> to <bar1:*> - [ Skip steps: i=end d=end f=21 p=end sa=18 sp=end dp=end ] +@15 pass from <foo:*> to <bar1:*> + [ Skip steps: i=end d=end f=21 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@16 pass from <foo:*> to <bar2:*> - [ Skip steps: i=end d=end f=21 p=end sa=18 sp=end dp=end ] +@16 pass from <foo:*> to <bar2:*> + [ Skip steps: i=end d=end f=21 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@17 pass from <foo:*> to <bar3:*> +@17 pass from <foo:*> to <bar3:*> [ Skip steps: i=end d=end f=21 p=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@18 pass from no-route to <bar1:*> +@18 pass from no-route to <bar1:*> [ Skip steps: i=end d=end f=21 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@19 pass from no-route to <bar2:*> +@19 pass from no-route to <bar2:*> [ Skip steps: i=end d=end f=21 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@20 pass from no-route to <bar3:*> +@20 pass from no-route to <bar3:*> [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@21 pass inet6 from no-route to ::1 +@21 pass inet6 from no-route to ::1 [ Skip steps: i=end d=end f=24 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@22 pass inet6 from no-route to ::2 +@22 pass inet6 from no-route to ::2 [ Skip steps: i=end d=end f=24 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@23 pass inet6 from no-route to ::3 +@23 pass inet6 from no-route to ::3 [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@24 pass inet from no-route to 0.0.0.1 +@24 pass inet from no-route to 0.0.0.1 [ Skip steps: i=end d=end f=27 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@25 pass inet from no-route to 0.0.0.2 +@25 pass inet from no-route to 0.0.0.2 [ Skip steps: i=end d=end f=27 p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@26 pass inet from no-route to 0.0.0.3 +@26 pass inet from no-route to 0.0.0.3 [ Skip steps: i=end d=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@27 pass from no-route to <bar1:*> +@27 pass from no-route to <bar1:*> [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@28 pass from no-route to <bar2:*> +@28 pass from no-route to <bar2:*> [ Skip steps: i=end d=end f=end p=end sa=end sp=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@29 pass from no-route to <bar3:*> +@29 pass from no-route to <bar3:*> [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf81.ok b/regress/sbin/pfctl/pf81.ok index 6d78ebd82f6..044af7c1434 100644 --- a/regress/sbin/pfctl/pf81.ok +++ b/regress/sbin/pfctl/pf81.ok @@ -1,32 +1,32 @@ ip_list = "{ ::1 ::2 ::3 0.0.0.1 0.0.0.2 0.0.0.3 }" table_list = "{ <bar1> <bar2> <bar3> }" -pass inet6 from (lo0) to ::1 -pass inet6 from (lo0) to ::2 -pass inet6 from (lo0) to ::3 -pass inet from (lo0) to 0.0.0.1 -pass inet from (lo0) to 0.0.0.2 -pass inet from (lo0) to 0.0.0.3 -pass from <foo> to <bar1> -pass from <foo> to <bar2> -pass from <foo> to <bar3> -pass inet6 from <foo> to ::1 -pass inet6 from <foo> to ::2 -pass inet6 from <foo> to ::3 -pass inet from <foo> to 0.0.0.1 -pass inet from <foo> to 0.0.0.2 -pass inet from <foo> to 0.0.0.3 -pass from <foo> to <bar1> -pass from <foo> to <bar2> -pass from <foo> to <bar3> -pass from no-route to <bar1> -pass from no-route to <bar2> -pass from no-route to <bar3> -pass inet6 from no-route to ::1 -pass inet6 from no-route to ::2 -pass inet6 from no-route to ::3 -pass inet from no-route to 0.0.0.1 -pass inet from no-route to 0.0.0.2 -pass inet from no-route to 0.0.0.3 -pass from no-route to <bar1> -pass from no-route to <bar2> -pass from no-route to <bar3> +pass inet6 from (lo0) to ::1 +pass inet6 from (lo0) to ::2 +pass inet6 from (lo0) to ::3 +pass inet from (lo0) to 0.0.0.1 +pass inet from (lo0) to 0.0.0.2 +pass inet from (lo0) to 0.0.0.3 +pass from <foo> to <bar1> +pass from <foo> to <bar2> +pass from <foo> to <bar3> +pass inet6 from <foo> to ::1 +pass inet6 from <foo> to ::2 +pass inet6 from <foo> to ::3 +pass inet from <foo> to 0.0.0.1 +pass inet from <foo> to 0.0.0.2 +pass inet from <foo> to 0.0.0.3 +pass from <foo> to <bar1> +pass from <foo> to <bar2> +pass from <foo> to <bar3> +pass from no-route to <bar1> +pass from no-route to <bar2> +pass from no-route to <bar3> +pass inet6 from no-route to ::1 +pass inet6 from no-route to ::2 +pass inet6 from no-route to ::3 +pass inet from no-route to 0.0.0.1 +pass inet from no-route to 0.0.0.2 +pass inet from no-route to 0.0.0.3 +pass from no-route to <bar1> +pass from no-route to <bar2> +pass from no-route to <bar3> diff --git a/regress/sbin/pfctl/pf82.loaded b/regress/sbin/pfctl/pf82.loaded index 72660626f14..8f3438b1600 100644 --- a/regress/sbin/pfctl/pf82.loaded +++ b/regress/sbin/pfctl/pf82.loaded @@ -1,52 +1,52 @@ -@0 pass inet from (lo0) to any +@0 pass inet from (lo0) to any [ Skip steps: i=end d=end f=3 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 pass inet from ! (lo0) to any +@1 pass inet from ! (lo0) to any [ Skip steps: i=end d=end f=3 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@2 pass inet from (lo0) to any +@2 pass inet from (lo0) to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@3 pass inet6 from (lo0) to any +@3 pass inet6 from (lo0) to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@4 pass from <foo:*> to any +@4 pass from <foo:*> to any [ Skip steps: i=end d=end f=7 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@5 pass from ! <foo:*> to any +@5 pass from ! <foo:*> to any [ Skip steps: i=end d=end f=7 p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@6 pass from <foo:*> to any +@6 pass from <foo:*> to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@7 pass inet from <bar:*> to any - [ Skip steps: i=end d=end p=end sa=9 sp=end da=end dp=end ] +@7 pass inet from <bar:*> to any + [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@8 pass from <bar:*> to any +@8 pass from <bar:*> to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@9 pass inet6 from <foo:*> to any - [ Skip steps: i=end d=end p=end sa=11 sp=end da=end dp=end ] +@9 pass inet6 from <foo:*> to any + [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@10 pass from <foo:*> to any +@10 pass from <foo:*> to any [ Skip steps: i=end d=end p=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@11 pass inet from no-route to any +@11 pass inet from no-route to any [ Skip steps: i=end d=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@12 pass from no-route to any +@12 pass from no-route to any [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf82.ok b/regress/sbin/pfctl/pf82.ok index d58d77240b0..5118b8e46b9 100644 --- a/regress/sbin/pfctl/pf82.ok +++ b/regress/sbin/pfctl/pf82.ok @@ -1,13 +1,13 @@ -pass inet from (lo0) to any -pass inet from ! (lo0) to any -pass inet from (lo0) to any -pass inet6 from (lo0) to any -pass from <foo> to any -pass from ! <foo> to any -pass from <foo> to any -pass inet from <bar> to any -pass from <bar> to any -pass inet6 from <foo> to any -pass from <foo> to any -pass inet from no-route to any -pass from no-route to any +pass inet from (lo0) to any +pass inet from ! (lo0) to any +pass inet from (lo0) to any +pass inet6 from (lo0) to any +pass from <foo> to any +pass from ! <foo> to any +pass from <foo> to any +pass inet from <bar> to any +pass from <bar> to any +pass inet6 from <foo> to any +pass from <foo> to any +pass inet from no-route to any +pass from no-route to any diff --git a/regress/sbin/pfctl/pf9.loaded b/regress/sbin/pfctl/pf9.loaded index fd7a38841ec..10c7a7e20ee 100644 --- a/regress/sbin/pfctl/pf9.loaded +++ b/regress/sbin/pfctl/pf9.loaded @@ -1,8 +1,8 @@ -@0 block drop in on enc0 all +@0 block drop in on enc0 all [ Skip steps: d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] -@1 block drop in on tun0 all +@1 block drop in on tun0 all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] diff --git a/regress/sbin/pfctl/pf9.ok b/regress/sbin/pfctl/pf9.ok index 7e4c7f27352..30560d8fe72 100644 --- a/regress/sbin/pfctl/pf9.ok +++ b/regress/sbin/pfctl/pf9.ok @@ -1,3 +1,3 @@ interfaces = "{ enc0, tun0 }" -block drop in on enc0 all -block drop in on tun0 all +block drop in on enc0 all +block drop in on tun0 all diff --git a/regress/sbin/pfctl/pfail1.ok b/regress/sbin/pfctl/pfail1.ok index fe80d6911f0..872dc1bebb5 100644 --- a/regress/sbin/pfctl/pfail1.ok +++ b/regress/sbin/pfctl/pfail1.ok @@ -8,5 +8,5 @@ stdin:5: port only applies to tcp/udp stdin:5: skipping rule due to errors stdin:5: rule expands to no valid combination pfctl: Syntax error in config file: pf rules not loaded -pass in all -pass in all +pass in all +pass in all diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok index a373bdab8cb..afc63f03bcc 100644 --- a/regress/sbin/pfctl/pfail10.ok +++ b/regress/sbin/pfctl/pfail10.ok @@ -1,4 +1,4 @@ stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering pfctl: Syntax error in config file: pf rules not loaded nat on lo0 inet all -> 127.0.0.1 -pass in on lo1 all +pass in on lo1 all diff --git a/regress/sbin/pfctl/pfail11.ok b/regress/sbin/pfctl/pfail11.ok index 53bb7d1ac6e..20a1b6c96e9 100644 --- a/regress/sbin/pfctl/pfail11.ok +++ b/regress/sbin/pfctl/pfail11.ok @@ -4,4 +4,4 @@ stdin:5: Rules must be in order: options, normalization, queueing, translation, pfctl: Syntax error in config file: pf rules not loaded set optimization aggressive set timeout tcp.closing 6 -pass in all +pass in all diff --git a/regress/sbin/pfctl/pfail9.ok b/regress/sbin/pfctl/pfail9.ok index 778d60cfb8e..8dd18de856b 100644 --- a/regress/sbin/pfctl/pfail9.ok +++ b/regress/sbin/pfctl/pfail9.ok @@ -1,4 +1,4 @@ stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering pfctl: Syntax error in config file: pf rules not loaded -scrub in on lo0 all fragment reassemble -pass in on lo1 all +scrub in on lo0 all fragment reassemble +pass in on lo1 all diff --git a/regress/sbin/pfctl/pfopt1.ok b/regress/sbin/pfctl/pfopt1.ok index e7805570caf..992df709ef9 100644 --- a/regress/sbin/pfctl/pfopt1.ok +++ b/regress/sbin/pfctl/pfopt1.ok @@ -1,2 +1,2 @@ extif = "wi0" -block drop in on lo0 all +block drop in on lo0 all diff --git a/regress/sbin/pfctl/pfopt5.ok b/regress/sbin/pfctl/pfopt5.ok index 05342d08ca3..282f63861c8 100644 --- a/regress/sbin/pfctl/pfopt5.ok +++ b/regress/sbin/pfctl/pfopt5.ok @@ -1,7 +1,7 @@ ext_if = "lo0" set block-policy drop set require-order yes -scrub in all fragment reassemble -pass out on lo0 proto tcp from any to any port = ssh keep state queue(pri-med, pri-high) -pass out on lo0 proto tcp from any to any port = www keep state queue pri-med -pass in on lo0 proto tcp from any to any port = www keep state queue pri-low +scrub in all fragment reassemble +pass out on lo0 proto tcp from any to any port = ssh keep state queue(pri-med, pri-high) +pass out on lo0 proto tcp from any to any port = www keep state queue pri-med +pass in on lo0 proto tcp from any to any port = www keep state queue pri-low |