summaryrefslogtreecommitdiff
path: root/regress/sbin/pfctl/pf89.optimized
diff options
context:
space:
mode:
Diffstat (limited to 'regress/sbin/pfctl/pf89.optimized')
-rw-r--r--regress/sbin/pfctl/pf89.optimized40
1 files changed, 40 insertions, 0 deletions
diff --git a/regress/sbin/pfctl/pf89.optimized b/regress/sbin/pfctl/pf89.optimized
new file mode 100644
index 00000000000..72fa1d69dd7
--- /dev/null
+++ b/regress/sbin/pfctl/pf89.optimized
@@ -0,0 +1,40 @@
+@0 block drop all
+ [ Skip steps: i=5 d=2 f=5 p=2 sp=end da=5 dp=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@1 block drop quick from <bad:0> to any
+ [ Skip steps: i=5 f=5 sp=end da=5 dp=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@2 pass out proto tcp all flags S/SA keep state
+ [ Skip steps: i=5 d=5 f=5 sa=end sp=end da=5 dp=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@3 pass out proto icmp all keep state
+ [ Skip steps: i=5 d=5 f=5 sa=end sp=end da=5 dp=5 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@4 pass out proto udp all keep state
+ [ Skip steps: sa=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@5 pass in on lo1000001 inet proto tcp from any to 10.0.0.1 port = ssh flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 3/99, src.track 99)
+ [ Skip steps: i=8 d=end f=end p=end sa=end sp=end dp=8 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@6 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state (source-track rule, max-src-conn 10)
+ [ Skip steps: i=8 d=end f=end p=end sa=end sp=end dp=8 ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@7 pass in on lo1000001 inet proto tcp from any to 10.0.0.3 port = ssh flags S/SA keep state (source-track rule, max-src-conn-rate 3/99, src.track 99)
+ [ Skip steps: d=end f=end p=end sa=end sp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@8 pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = www flags S/SA modulate state (source-track rule, max-src-conn 100, max-src-conn-rate 10/5, overload <bad> flush, src.track 5)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
+@9 pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = 8080 flags S/SA synproxy state (source-track rule, max-src-conn 1000, max-src-conn-rate 1000/5, overload <bad> flush global, src.track 5)
+ [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
+ [ queue: qname= qid=0 pqname= pqid=0 ]
+ [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 13:01:18 +0000