diff options
-rw-r--r-- | regress/sbin/pfctl/pf31.ok | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf51.ok | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf80.ok | 8 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail1.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail10.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail11.ok | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail19.ok | 5 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail20.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail25.ok | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail44.ok | 1 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail49.ok | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail50.ok | 12 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfail9.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pfopt4.ok | 2 |
14 files changed, 9 insertions, 41 deletions
diff --git a/regress/sbin/pfctl/pf31.ok b/regress/sbin/pfctl/pf31.ok index 1e404a681d5..d04aebc51e1 100644 --- a/regress/sbin/pfctl/pf31.ok +++ b/regress/sbin/pfctl/pf31.ok @@ -1,4 +1,6 @@ set block-policy drop +set require-order no +set block-policy return block return in on lo0 all block return in on lo0 inet all block return in on lo0 inet6 all @@ -8,8 +10,6 @@ block drop in on lo0 inet6 all block drop in on lo0 all block drop in on lo0 inet all block drop in on lo0 inet6 all -set require-order no -set block-policy return block return in on lo0 all block return in on lo0 inet all block return in on lo0 inet6 all diff --git a/regress/sbin/pfctl/pf51.ok b/regress/sbin/pfctl/pf51.ok index 9daafb1ed4a..5bbf6af7b3b 100644 --- a/regress/sbin/pfctl/pf51.ok +++ b/regress/sbin/pfctl/pf51.ok @@ -1,6 +1,6 @@ -pass in on lo0 all flags S/SA keep state set require-order no -nat on lo0 inet all -> 127.0.0.1 altq on lo0 cbq bandwidth 10Mb tbrsize 1824 queue { toad frog } queue toad bandwidth 1Mb queue frog bandwidth 90% cbq( default ) +nat on lo0 inet all -> 127.0.0.1 +pass in on lo0 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pf80.ok b/regress/sbin/pfctl/pf80.ok index b21bcca4b3f..10c1300907b 100644 --- a/regress/sbin/pfctl/pf80.ok +++ b/regress/sbin/pfctl/pf80.ok @@ -1,9 +1,9 @@ nat pass on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 nat pass log on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 -rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 -binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 nat pass log (all) on lo0 inet from 10.0.0.0/8 to 172.16.0.0/16 -> 172.16.0.1 +rdr pass on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 +rdr pass log on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 rdr pass log (all) on lo0 inet proto tcp from any to 1.2.3.4 port = www -> 127.0.0.1 port 8080 +binat pass on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 +binat pass log on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 binat pass log (all) on lo0 inet from 10.0.0.0/8 to 11.0.0.0/8 -> 12.0.0.0/8 diff --git a/regress/sbin/pfctl/pfail1.ok b/regress/sbin/pfctl/pfail1.ok index d640b357c2a..fbeacf9479c 100644 --- a/regress/sbin/pfctl/pfail1.ok +++ b/regress/sbin/pfctl/pfail1.ok @@ -7,5 +7,3 @@ stdin:4: rule expands to no valid combination stdin:5: port only applies to tcp/udp stdin:5: skipping rule due to errors stdin:5: rule expands to no valid combination -pass in all flags S/SA keep state -pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail10.ok b/regress/sbin/pfctl/pfail10.ok index 1ee4647fa33..c1bc4ed5792 100644 --- a/regress/sbin/pfctl/pfail10.ok +++ b/regress/sbin/pfctl/pfail10.ok @@ -1,3 +1 @@ stdin:4: Rules must be in order: options, normalization, queueing, translation, filtering -nat on lo0 inet all -> 127.0.0.1 -pass in on lo1000000 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail11.ok b/regress/sbin/pfctl/pfail11.ok index 4a43183476e..12ebb3e0da6 100644 --- a/regress/sbin/pfctl/pfail11.ok +++ b/regress/sbin/pfctl/pfail11.ok @@ -3,4 +3,3 @@ stdin:4: Rules must be in order: options, normalization, queueing, translation, stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering set optimization aggressive set timeout tcp.closing 6 -pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail19.ok b/regress/sbin/pfctl/pfail19.ok index 2b0cd960c0f..ba4a4e7dcb8 100644 --- a/regress/sbin/pfctl/pfail19.ok +++ b/regress/sbin/pfctl/pfail19.ok @@ -1,7 +1,2 @@ stdin:4: invalid use of table <sometable> as the redirect address of a binat rule stdin:5: invalid use of table <sometable> as the source address of a binat rule -rdr on lo0 all -> <sometable> round-robin -nat on lo0 all -> <sometable> round-robin -pass in dup-to (lo0 <sometable>) round-robin all flags S/SA keep state -pass in route-to (lo0 <sometable>) round-robin all flags S/SA keep state -pass in reply-to (lo0 <sometable>) round-robin all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail20.ok b/regress/sbin/pfctl/pfail20.ok index b67e8873ac9..5296c66dbe0 100644 --- a/regress/sbin/pfctl/pfail20.ok +++ b/regress/sbin/pfctl/pfail20.ok @@ -1,3 +1 @@ stdin:5: rule expands to no valid combination -rdr on lo0 all -> (lo0) round-robin -nat on lo0 from (lo0) to any -> (lo0) round-robin diff --git a/regress/sbin/pfctl/pfail25.ok b/regress/sbin/pfctl/pfail25.ok index 4dbb8c1d9fa..1c4e7ea47e9 100644 --- a/regress/sbin/pfctl/pfail25.ok +++ b/regress/sbin/pfctl/pfail25.ok @@ -8,4 +8,3 @@ stdin:8: fragcache cannot be respecified stdin:9: fragcache cannot be respecified stdin:10: fragcache cannot be respecified stdin:11: random-id cannot be respecified -scrub in on ! lo0 all fragment reassemble diff --git a/regress/sbin/pfctl/pfail44.ok b/regress/sbin/pfctl/pfail44.ok index 71c3486dca4..895152de3c0 100644 --- a/regress/sbin/pfctl/pfail44.ok +++ b/regress/sbin/pfctl/pfail44.ok @@ -3,4 +3,3 @@ stdin:6: errors in queue definition ext_if = "lo0" altq on lo0 cbq bandwidth 512Kb tbrsize 33224 queue { q_ext_std } queue root_lo0 priority 0 cbq( wrr root ) -pass in all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfail49.ok b/regress/sbin/pfctl/pfail49.ok index fe853162e9d..b8f29176126 100644 --- a/regress/sbin/pfctl/pfail49.ok +++ b/regress/sbin/pfctl/pfail49.ok @@ -1,6 +1,2 @@ stdin:8: invalid interface name '10.1.2.3' stdin:9: invalid interface name '10.1.2.3:0' -nat on lo0 all -> (lo0) round-robin -nat on lo0 all -> (lo0:0) -nat on lo0 all -> (nonexistant0) round-robin -nat on lo0 all -> (nonexistant0:0) diff --git a/regress/sbin/pfctl/pfail50.ok b/regress/sbin/pfctl/pfail50.ok index cdce071999a..931abbf2628 100644 --- a/regress/sbin/pfctl/pfail50.ok +++ b/regress/sbin/pfctl/pfail50.ok @@ -3,15 +3,3 @@ stdin:19: syntax error stdin:20: flags always false stdin:21: flags always false stdin:22: flags always false -pass proto tcp all flags F/F keep state -pass proto tcp all flags S/S keep state -pass proto tcp all flags R/R keep state -pass proto tcp all flags P/P keep state -pass proto tcp all flags A/A keep state -pass proto tcp all flags U/U keep state -pass proto tcp all flags E/E keep state -pass proto tcp all flags W/W keep state -pass proto tcp all flags FSRPAUEW/FSRPAUEW keep state -pass proto tcp all flags /FSRPAUEW keep state -pass proto tcp all flags S/FSRA keep state -pass proto tcp all flags /SA keep state diff --git a/regress/sbin/pfctl/pfail9.ok b/regress/sbin/pfctl/pfail9.ok index bb73d32de2a..d9cb15cc062 100644 --- a/regress/sbin/pfctl/pfail9.ok +++ b/regress/sbin/pfctl/pfail9.ok @@ -1,3 +1 @@ stdin:5: Rules must be in order: options, normalization, queueing, translation, filtering -scrub in on lo0 all fragment reassemble -pass in on lo1000000 all flags S/SA keep state diff --git a/regress/sbin/pfctl/pfopt4.ok b/regress/sbin/pfctl/pfopt4.ok index cabe3a56275..a06225d4e1b 100644 --- a/regress/sbin/pfctl/pfopt4.ok +++ b/regress/sbin/pfctl/pfopt4.ok @@ -2,6 +2,6 @@ ext_if = "lo0" set limit states 100 set block-policy drop set require-order yes -rdr on lo0 inet all -> 127.0.0.1 nat on lo0 inet all -> 127.0.0.1 +rdr on lo0 inet all -> 127.0.0.1 binat on lo0 inet from 192.168.0.0/24 to 192.168.0.0/24 -> 192.168.0.0/24 |