diff options
Diffstat (limited to 'regress/sbin')
-rw-r--r-- | regress/sbin/pfctl/binat1.ok | 8 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf1.ok | 2 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf2.in | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf2.ok | 20 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf4.ok | 72 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf5.ok | 16 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf7.in | 4 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf7.ok | 20 | ||||
-rw-r--r-- | regress/sbin/pfctl/pf8.ok | 4 |
9 files changed, 75 insertions, 75 deletions
diff --git a/regress/sbin/pfctl/binat1.ok b/regress/sbin/pfctl/binat1.ok index 390c11fda26..2e7c6d39f54 100644 --- a/regress/sbin/pfctl/binat1.ok +++ b/regress/sbin/pfctl/binat1.ok @@ -2,7 +2,7 @@ @binat on fxp0 proto tcp from 192.168.1.2 to any -> 10.0.0.2 @binat on fxp0 proto udp from 192.168.1.3 to any -> 10.0.0.3 @binat on fxp0 proto icmp from 192.168.1.4 to any -> 10.0.0.4 -@binat on fxp0 from 192.168.1.5 to 172.16.1.1 -> 10.0.0.5 -@binat on fxp0 from 192.168.1.6 to 172.16.1.2 -> 10.0.0.6 -@binat on fxp0 from 192.168.1.7 to 172.16.2.0/255.255.255.0 -> 10.0.0.7 -@binat on fxp0 from 192.168.1.8 to ! 172.17.0.0/255.255.0.0 -> 10.0.0.8 +@binat on fxp0 from 192.168.1.5 to 172.16.1.1/32 -> 10.0.0.5 +@binat on fxp0 from 192.168.1.6 to 172.16.1.2/32 -> 10.0.0.6 +@binat on fxp0 from 192.168.1.7 to 172.16.2.0/24 -> 10.0.0.7 +@binat on fxp0 from 192.168.1.8 to ! 172.17.0.0/16 -> 10.0.0.8 diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok index dd6719b7a3a..54f1c380251 100644 --- a/regress/sbin/pfctl/pf1.ok +++ b/regress/sbin/pfctl/pf1.ok @@ -2,4 +2,4 @@ @0 pass in all @0 pass in proto tcp from any port <= 1024 to any @0 pass in proto tcp from any to any port = smtp -@0 pass in proto tcp from 10.0.0.0/255.0.0.0 port > 1024 to ! 10.1.2.3 port != ssh +@0 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3/32 port != ssh diff --git a/regress/sbin/pfctl/pf2.in b/regress/sbin/pfctl/pf2.in index dda840a4ca0..122f320a86e 100644 --- a/regress/sbin/pfctl/pf2.in +++ b/regress/sbin/pfctl/pf2.in @@ -17,8 +17,8 @@ block in log quick on kue0 from 172.16.0.0/12 to any block in log quick on kue0 from 192.168.0.0/16 to any block in log quick on kue0 from 255.255.255.255/32 to any -pass out on kue0 proto icmp all icmp-type 8 code 0 keep state -pass in on kue0 proto icmp all icmp-type 8 code 0 keep state +pass out on kue0 inet proto icmp all icmp-type 8 code 0 keep state +pass in on kue0 inet proto icmp all icmp-type 8 code 0 keep state pass out on kue0 proto udp all keep state diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index d4b2d22cc8c..3e601bb7e4a 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -2,16 +2,16 @@ @0 block in log on kue0 all @0 block return-rst out log on kue0 proto tcp all @0 block return-rst in log on kue0 proto tcp all -@0 block return-icmp out log on kue0 proto udp all -@0 block return-icmp in log on kue0 proto udp all -@0 block out log quick on kue0 from ! 157.161.48.183 to any -@0 block in quick on kue0 from any to 255.255.255.255 -@0 block in log quick on kue0 from 10.0.0.0/255.0.0.0 to any -@0 block in log quick on kue0 from 172.16.0.0/255.240.0.0 to any -@0 block in log quick on kue0 from 192.168.0.0/255.255.0.0 to any -@0 block in log quick on kue0 from 255.255.255.255 to any -@0 pass out on kue0 proto icmp all icmp-type echoreq code 0 keep state -@0 pass in on kue0 proto icmp all icmp-type echoreq code 0 keep state +@0 block return-icmp(3,3) out log on kue0 proto udp all +@0 block return-icmp(3,3) in log on kue0 proto udp all +@0 block out log quick on kue0 inet from ! 157.161.48.183/32 to any +@0 block in quick on kue0 inet from any to 255.255.255.255/32 +@0 block in log quick on kue0 inet from 10.0.0.0/8 to any +@0 block in log quick on kue0 inet from 172.16.0.0/12 to any +@0 block in log quick on kue0 inet from 192.168.0.0/16 to any +@0 block in log quick on kue0 inet from 255.255.255.255/32 to any +@0 pass out on kue0 inet proto icmp all icmp-type echoreq code 0 keep state +@0 pass in on kue0 inet proto icmp all icmp-type echoreq code 0 keep state @0 pass out on kue0 proto udp all keep state @0 pass in on kue0 proto udp from any to any port = domain keep state @0 pass out on kue0 proto tcp all keep state diff --git a/regress/sbin/pfctl/pf4.ok b/regress/sbin/pfctl/pf4.ok index 12ba48c1756..12924cea306 100644 --- a/regress/sbin/pfctl/pf4.ok +++ b/regress/sbin/pfctl/pf4.ok @@ -3,44 +3,44 @@ @0 block in proto udp all @0 block in proto tcp all @0 block in all -@0 block in from 10.0.0.0/255.0.0.0 to any -@0 block in from ! 10.0.0.0/255.0.0.0 to any -@0 block in from 172.16.0.0/255.240.0.0 to any -@0 block in from 10.0.0.0/255.0.0.0 to any +@0 block in inet from 10.0.0.0/8 to any +@0 block in inet from ! 10.0.0.0/8 to any +@0 block in inet from 172.16.0.0/12 to any +@0 block in inet from 10.0.0.0/8 to any @0 block in proto tcp from any port = ssh to any @0 block in proto tcp from any port >= 80 to any @0 block in proto tcp from any port != 1234 to any @0 block in proto tcp from any port 21 >< 2048 to any @0 block in proto tcp from any port = ssh to any -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = 21 to 12.34.56.78 port = 6668 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = 21 to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = 21 to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = 21 to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = ssh to 12.34.56.78 port = 6668 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = ssh to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto udp from 172.16.0.0/255.240.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 12.34.56.78 port = 6668 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 6668 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ftp to 12.34.56.78 port = 6668 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ftp to 12.34.56.78 port = 6667 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ftp to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ftp to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ssh to 12.34.56.78 port = 6668 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ssh to 12.34.56.78 port = 6667 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto tcp from 172.16.0.0/255.240.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ftp to 12.34.56.78 port = 6668 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ftp to 12.34.56.78 port = 6667 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ftp to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ftp to 192.168.0.0/255.255.0.0 port = 6667 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 6668 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 6667 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6668 keep state -@0 block in proto tcp from 10.0.0.0/255.0.0.0 port = ssh to 192.168.0.0/255.255.0.0 port = 6667 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6668 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 keep state +@0 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 keep state diff --git a/regress/sbin/pfctl/pf5.ok b/regress/sbin/pfctl/pf5.ok index 1578a47c421..c059b3a32be 100644 --- a/regress/sbin/pfctl/pf5.ok +++ b/regress/sbin/pfctl/pf5.ok @@ -1,11 +1,11 @@ foo = ssh, ftp bar = other thing inside = 10.0.0.0/8 -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 113 to 12.34.56.78 port = 16 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 113 to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 12.34.56.78 port = 16 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = 21 to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 16 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = ssh to 12.34.56.78 port = 6667 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = echo to 12.34.56.78 port = 16 keep state -@0 block in proto udp from 10.0.0.0/255.0.0.0 port = echo to 12.34.56.78 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78/32 port = 16 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 16 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 16 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78/32 port = 6667 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 16 keep state +@0 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78/32 port = 6667 keep state diff --git a/regress/sbin/pfctl/pf7.in b/regress/sbin/pfctl/pf7.in index de7ecf6aee6..4aeee744e03 100644 --- a/regress/sbin/pfctl/pf7.in +++ b/regress/sbin/pfctl/pf7.in @@ -17,8 +17,8 @@ block in log quick on kue0 from 172.16.0.0/12 to any block in log quick on kue0 from 192.168.0.0/16 to any block in log quick on kue0 from 255.255.255.255/32 to any -pass out on kue0 proto icmp all icmp-type 8 code 0 keep state -pass in on kue0 proto icmp all icmp-type 8 code 0 keep state +pass out on kue0 inet proto icmp all icmp-type 8 code 0 keep state +pass in on kue0 inet proto icmp all icmp-type 8 code 0 keep state pass out on kue0 proto udp all keep state diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index 3e22e8d788a..5221ef4f9b5 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -2,16 +2,16 @@ @0 block in log on kue0 all @0 block return-rst out log on kue0 proto tcp all @0 block return-rst in log on kue0 proto tcp all -@0 block return-icmp out log on kue0 proto udp all -@0 block return-icmp in log on kue0 proto udp all -@0 block out log quick on kue0 from ! 157.161.48.183 to any -@0 block in quick on kue0 from any to 255.255.255.255 -@0 block in log quick on kue0 from 10.0.0.0/255.0.0.0 to any -@0 block in log quick on kue0 from 172.16.0.0/255.240.0.0 to any -@0 block in log quick on kue0 from 192.168.0.0/255.255.0.0 to any -@0 block in log quick on kue0 from 255.255.255.255 to any -@0 pass out on kue0 proto icmp all icmp-type echoreq code 0 keep state -@0 pass in on kue0 proto icmp all icmp-type echoreq code 0 keep state +@0 block return-icmp(3,3) out log on kue0 proto udp all +@0 block return-icmp(3,3) in log on kue0 proto udp all +@0 block out log quick on kue0 inet from ! 157.161.48.183/32 to any +@0 block in quick on kue0 inet from any to 255.255.255.255/32 +@0 block in log quick on kue0 inet from 10.0.0.0/8 to any +@0 block in log quick on kue0 inet from 172.16.0.0/12 to any +@0 block in log quick on kue0 inet from 192.168.0.0/16 to any +@0 block in log quick on kue0 inet from 255.255.255.255/32 to any +@0 pass out on kue0 inet proto icmp all icmp-type echoreq code 0 keep state +@0 pass in on kue0 inet proto icmp all icmp-type echoreq code 0 keep state @0 pass out on kue0 proto udp all keep state @0 pass in on kue0 proto udp from any to any port = domain keep state @0 pass out on kue0 proto tcp all modulate state diff --git a/regress/sbin/pfctl/pf8.ok b/regress/sbin/pfctl/pf8.ok index 13e0710887f..e92b48fbf68 100644 --- a/regress/sbin/pfctl/pf8.ok +++ b/regress/sbin/pfctl/pf8.ok @@ -1,3 +1,3 @@ extern = { ! 10.0.0.0/8, 10.1.2.3 } -@0 block out log on rl0 from 10.1.2.3 to any -@0 block out log on rl0 from ! 10.0.0.0/255.0.0.0 to any +@0 block out log on rl0 inet from 10.1.2.3/32 to any +@0 block out log on rl0 inet from ! 10.0.0.0/8 to any |