diff options
Diffstat (limited to 'regress')
29 files changed, 267 insertions, 267 deletions
diff --git a/regress/sbin/pfctl/pf1.ok b/regress/sbin/pfctl/pf1.ok index 6b29c9f10e0..f63c32af656 100644 --- a/regress/sbin/pfctl/pf1.ok +++ b/regress/sbin/pfctl/pf1.ok @@ -1,8 +1,8 @@ -@0 pass in all -@1 pass in all -@2 pass in proto tcp from any port <= 1024 to any label foo_bar -@3 pass in proto tcp from any to any port = smtp -@4 pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh -@5 pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts -@6 pass in inet proto tcp from 1.2.3.4 to any label 6:tcp:1.2.3.4::any: -@7 pass in inet proto tcp from 1.2.3.5 to any label 7:tcp:1.2.3.5::any: +pass in all +pass in all +pass in proto tcp from any port <= 1024 to any label foo_bar +pass in proto tcp from any to any port = smtp +pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh +pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +pass in inet proto tcp from 1.2.3.4 to any label 6:tcp:1.2.3.4::any: +pass in inet proto tcp from 1.2.3.5 to any label 7:tcp:1.2.3.5::any: diff --git a/regress/sbin/pfctl/pf10.ok b/regress/sbin/pfctl/pf10.ok index 583d28b5d47..df8c6c8a4f3 100644 --- a/regress/sbin/pfctl/pf10.ok +++ b/regress/sbin/pfctl/pf10.ok @@ -1,30 +1,30 @@ -@0 pass in inet proto icmp all -@1 pass in inet6 proto ipv6-icmp all -@2 block in inet proto icmp all -@3 block in inet6 proto ipv6-icmp all -@4 block return-rst in inet proto tcp all -@5 block return-rst in inet6 proto tcp all -@6 block return-rst(ttl 10) in inet proto tcp all -@7 block return-rst(ttl 10) in inet6 proto tcp all -@8 block return-icmp(port-unr) in inet proto icmp all -@9 block return-icmp(net-unr) in inet proto icmp all -@10 block return-icmp(net-unr) in inet proto icmp all -@11 block return-icmp(srcfail) in inet proto icmp all -@12 block return-icmp(srcfail) in inet proto icmp all -@13 block return-icmp(host-prohib) in inet proto icmp all -@14 block return-icmp(host-prohib) in inet proto icmp all -@15 block return-icmp(cutoff-preced) in inet proto icmp all -@16 block return-icmp(cutoff-preced) in inet proto icmp all -@17 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -@18 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -@19 block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all -@20 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -@21 block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all -@22 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -@23 block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all -@24 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -@25 block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all -@26 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -@27 block return-icmp6(port-unr) in inet6 proto ipv6-icmp all -@28 block return-icmp(srcfail, admin-unr) in all -@29 block return-icmp(srcfail, admin-unr) in all +pass in inet proto icmp all +pass in inet6 proto ipv6-icmp all +block in inet proto icmp all +block in inet6 proto ipv6-icmp all +block return-rst in inet proto tcp all +block return-rst in inet6 proto tcp all +block return-rst(ttl 10) in inet proto tcp all +block return-rst(ttl 10) in inet6 proto tcp all +block return-icmp(port-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp(srcfail, admin-unr) in all +block return-icmp(srcfail, admin-unr) in all diff --git a/regress/sbin/pfctl/pf11.ok b/regress/sbin/pfctl/pf11.ok index 5803f8567b4..8e70086e4ca 100644 --- a/regress/sbin/pfctl/pf11.ok +++ b/regress/sbin/pfctl/pf11.ok @@ -1,18 +1,18 @@ -@0 pass in inet proto icmp all icmp-type echorep -@1 pass in inet proto icmp all icmp-type echorep code 0 -@2 pass in inet proto icmp all icmp-type 1 -@3 pass in inet proto icmp all icmp-type 1 code 1 -@4 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 -@5 pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 -@6 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach -@7 pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr -@8 block in inet proto icmp all icmp-type echorep -@9 block in inet proto icmp all icmp-type echorep code 0 -@10 block in inet proto icmp all icmp-type 1 -@11 block in inet proto icmp all icmp-type 1 code 1 -@12 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 -@13 block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 -@14 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach -@15 block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr -@16 pass in inet proto icmp all icmp-type unreach code needfrag -@17 pass in inet6 proto ipv6-icmp all ipv6-icmp-type timex code reassemb +pass in inet proto icmp all icmp-type echorep +pass in inet proto icmp all icmp-type echorep code 0 +pass in inet proto icmp all icmp-type 1 +pass in inet proto icmp all icmp-type 1 code 1 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +pass in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr +block in inet proto icmp all icmp-type echorep +block in inet proto icmp all icmp-type echorep code 0 +block in inet proto icmp all icmp-type 1 +block in inet proto icmp all icmp-type 1 code 1 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 +block in inet6 proto ipv6-icmp all ipv6-icmp-type 0 code 0 +block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach +block in inet6 proto ipv6-icmp all ipv6-icmp-type unreach code admin-unr +pass in inet proto icmp all icmp-type unreach code needfrag +pass in inet6 proto ipv6-icmp all ipv6-icmp-type timex code reassemb diff --git a/regress/sbin/pfctl/pf12.ok b/regress/sbin/pfctl/pf12.ok index 7b433d00d0c..058ac858c0a 100644 --- a/regress/sbin/pfctl/pf12.ok +++ b/regress/sbin/pfctl/pf12.ok @@ -1,5 +1,5 @@ -@0 pass in inet from 127.0.0.1 to 127.0.0.0/8 -@1 pass in inet from 127.0.0.0/16 to 127.0.0.0/24 -@2 pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 -@3 pass in inet from ! 127.0.0.1 to 127.0.0.0/16 -@4 pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 +pass in inet from 127.0.0.1 to 127.0.0.0/8 +pass in inet from 127.0.0.0/16 to 127.0.0.0/24 +pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 +pass in inet from ! 127.0.0.1 to 127.0.0.0/16 +pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 diff --git a/regress/sbin/pfctl/pf13.ok b/regress/sbin/pfctl/pf13.ok index 5f47cd48636..01b28384001 100644 --- a/regress/sbin/pfctl/pf13.ok +++ b/regress/sbin/pfctl/pf13.ok @@ -1,12 +1,12 @@ -@0 pass in quick on enc0 fastroute all -@1 pass in quick on enc0 fastroute inet all -@2 pass in quick on enc0 fastroute inet6 all -@3 pass out quick on tun0 route-to tun1 inet all -@4 pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 -@5 pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 -@6 block in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp -@7 block in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp -@8 pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 -@9 pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 -@10 pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 -@11 pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 +pass in quick on enc0 fastroute all +pass in quick on enc0 fastroute inet all +pass in quick on enc0 fastroute inet6 all +pass out quick on tun0 route-to tun1 inet all +pass out quick on tun0 route-to tun1 inet from any to 192.168.1.1 +pass out quick on tun0 route-to tun1 inet6 from any to fec0::1 +block in on tun0 dup-to (tun1 192.168.1.1) inet proto tcp from any to any port = ftp +block in on tun0 dup-to (tun1 fec0::1) inet6 proto tcp from any to any port = ftp +pass in quick on tun0 route-to tun1 inet from 192.168.1.1 to 10.1.1.1 +pass in quick on tun0 route-to tun1 inet6 from fec0::/64 to fec1::2 +pass in quick on tun0 dup-to (tun1 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 +pass in quick on tun0 dup-to (tun1 fec1::2) inet6 from fec0::/64 to fec1::2 diff --git a/regress/sbin/pfctl/pf14.ok b/regress/sbin/pfctl/pf14.ok index b92e958e604..bbdf905c514 100644 --- a/regress/sbin/pfctl/pf14.ok +++ b/regress/sbin/pfctl/pf14.ok @@ -1,6 +1,6 @@ -@0 pass in quick on lo0 inet6 from fe80::1 to fe80::1 -@1 pass in quick on lo0 inet6 from fe80::1 to fe80::1 -@2 pass in quick on lo0 inet6 from fe80::1 to any -@3 pass in quick on lo0 inet6 from any to fe80::1 -@4 pass in quick on lo0 inet6 from fe80::1 to any -@5 pass in quick on lo0 inet6 from any to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to any +pass in quick on lo0 inet6 from any to fe80::1 +pass in quick on lo0 inet6 from fe80::1 to any +pass in quick on lo0 inet6 from any to fe80::1 diff --git a/regress/sbin/pfctl/pf15.ok b/regress/sbin/pfctl/pf15.ok index 1b99f7361ef..8be94c974db 100644 --- a/regress/sbin/pfctl/pf15.ok +++ b/regress/sbin/pfctl/pf15.ok @@ -1,14 +1,14 @@ -@0 scrub in on lo0 all no-df fragment reassemble -@1 scrub in on lo0 all min-ttl 25 fragment reassemble -@2 scrub in on lo0 all max-mss 224 fragment reassemble -@3 scrub out on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble -@4 scrub in on lo0 all max-mss 224 fragment reassemble -@5 scrub in on lo0 all fragment reassemble -@6 scrub in on lo1 all fragment reassemble -@7 scrub in on lo0 inet from (lo0) to any fragment reassemble -@8 scrub in on lo0 inet6 from (lo1) to 2000::1 fragment reassemble -@9 scrub in on lo0 inet6 from (lo0) to 2000::1 fragment reassemble -@10 scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble -@11 scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble -@12 scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble -@13 scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble +scrub in on lo0 all no-df fragment reassemble +scrub in on lo0 all min-ttl 25 fragment reassemble +scrub in on lo0 all max-mss 224 fragment reassemble +scrub out on lo1 inet from any to 10.0.0.1 no-df max-mss 224 fragment reassemble +scrub in on lo0 all max-mss 224 fragment reassemble +scrub in on lo0 all fragment reassemble +scrub in on lo1 all fragment reassemble +scrub in on lo0 inet from (lo0) to any fragment reassemble +scrub in on lo0 inet6 from (lo1) to 2000::1 fragment reassemble +scrub in on lo0 inet6 from (lo0) to 2000::1 fragment reassemble +scrub in inet from 10.0.0.1 to 10.0.0.3 fragment reassemble +scrub in inet from 10.0.0.1 to 10.0.0.4 fragment reassemble +scrub in inet from 10.0.0.2 to 10.0.0.3 fragment reassemble +scrub in inet from 10.0.0.2 to 10.0.0.4 fragment reassemble diff --git a/regress/sbin/pfctl/pf16.ok b/regress/sbin/pfctl/pf16.ok index 39e8b8be39d..9f32f05915c 100644 --- a/regress/sbin/pfctl/pf16.ok +++ b/regress/sbin/pfctl/pf16.ok @@ -1,5 +1,5 @@ -@0 scrub in on lo0 all fragment reassemble +scrub in on lo0 all fragment reassemble nat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 rdr on lo0 inet proto tcp from any to 1.2.3.4 port 2222 -> 10.0.0.10 port 22 binat on lo0 inet from 192.168.1.1 to any -> 10.0.0.1 -@1 pass in on lo1 all +pass in on lo1 all diff --git a/regress/sbin/pfctl/pf2.ok b/regress/sbin/pfctl/pf2.ok index 5fc9ff146a0..22c078521eb 100644 --- a/regress/sbin/pfctl/pf2.ok +++ b/regress/sbin/pfctl/pf2.ok @@ -1,22 +1,22 @@ -@0 block out log on tun0 all -@1 block in log on tun0 all -@2 block return-rst out log on tun0 proto tcp all -@3 block return-rst in log on tun0 proto tcp all -@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all -@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all -@6 block out log quick on tun0 inet from ! 157.161.48.183 to any -@7 block in quick on tun0 inet from any to 255.255.255.255 -@8 block in log quick on tun0 inet from 10.0.0.0/8 to any -@9 block in log quick on tun0 inet from 172.16.0.0/12 to any -@10 block in log quick on tun0 inet from 192.168.0.0/16 to any -@11 block in log quick on tun0 inet from 255.255.255.255 to any -@12 block in log quick from no-route to any -@13 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@14 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@15 pass out on tun0 proto udp all keep state -@16 pass in on tun0 proto udp from any to any port = domain keep state -@17 pass out on tun0 proto tcp all keep state -@18 pass in on tun0 proto tcp from any to any port = ssh keep state -@19 pass in on tun0 proto tcp from any to any port = smtp keep state -@20 pass in on tun0 proto tcp from any to any port = domain keep state -@21 pass in on tun0 proto tcp from any to any port = auth keep state +block out log on tun0 all +block in log on tun0 all +block return-rst out log on tun0 proto tcp all +block return-rst in log on tun0 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +block out log quick on tun0 inet from ! 157.161.48.183 to any +block in quick on tun0 inet from any to 255.255.255.255 +block in log quick on tun0 inet from 10.0.0.0/8 to any +block in log quick on tun0 inet from 172.16.0.0/12 to any +block in log quick on tun0 inet from 192.168.0.0/16 to any +block in log quick on tun0 inet from 255.255.255.255 to any +block in log quick from no-route to any +pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun0 proto udp all keep state +pass in on tun0 proto udp from any to any port = domain keep state +pass out on tun0 proto tcp all keep state +pass in on tun0 proto tcp from any to any port = ssh keep state +pass in on tun0 proto tcp from any to any port = smtp keep state +pass in on tun0 proto tcp from any to any port = domain keep state +pass in on tun0 proto tcp from any to any port = auth keep state diff --git a/regress/sbin/pfctl/pf21.ok b/regress/sbin/pfctl/pf21.ok index 8acd3bc5c41..b03b63a4f7a 100644 --- a/regress/sbin/pfctl/pf21.ok +++ b/regress/sbin/pfctl/pf21.ok @@ -1,4 +1,4 @@ -@0 scrub in all fragment reassemble -@1 scrub in all fragment reassemble -@2 scrub in all fragment drop-ovl -@3 scrub in all fragment crop +scrub in all fragment reassemble +scrub in all fragment reassemble +scrub in all fragment drop-ovl +scrub in all fragment crop diff --git a/regress/sbin/pfctl/pf23.ok b/regress/sbin/pfctl/pf23.ok index a4c541f4918..e41a3e261ba 100644 --- a/regress/sbin/pfctl/pf23.ok +++ b/regress/sbin/pfctl/pf23.ok @@ -1 +1 @@ -@0 block in on ! lo0 all +block in on ! lo0 all diff --git a/regress/sbin/pfctl/pf24.ok b/regress/sbin/pfctl/pf24.ok index cb186d4180a..5cf0e5b92dc 100644 --- a/regress/sbin/pfctl/pf24.ok +++ b/regress/sbin/pfctl/pf24.ok @@ -3,5 +3,5 @@ b = "ftp" c = "ssh ftp" d = "ssh ftp ssh ftp" e = "ssh ftp ftp test ssh ftp" -@0 pass in proto tcp from any to any port = ssh -@1 pass in proto tcp from any to any port = ftp +pass in proto tcp from any to any port = ssh +pass in proto tcp from any to any port = ftp diff --git a/regress/sbin/pfctl/pf25.ok b/regress/sbin/pfctl/pf25.ok index d335fde6642..e94f3ebcd18 100644 --- a/regress/sbin/pfctl/pf25.ok +++ b/regress/sbin/pfctl/pf25.ok @@ -1,3 +1,3 @@ -@0 block in on ! lo0 inet from 127.0.0.1/8 to any -@1 block in on ! lo0 inet6 from ::1 to any -@2 block in log quick on ! lo0 inet from 127.0.0.1/8 to any +block in on ! lo0 inet from 127.0.0.1/8 to any +block in on ! lo0 inet6 from ::1 to any +block in log quick on ! lo0 inet from 127.0.0.1/8 to any diff --git a/regress/sbin/pfctl/pf26.ok b/regress/sbin/pfctl/pf26.ok index dc31557c06e..99b0c34630b 100644 --- a/regress/sbin/pfctl/pf26.ok +++ b/regress/sbin/pfctl/pf26.ok @@ -1,2 +1,2 @@ -@0 block in on lo0 inet from ! (lo0) to any -@1 block out on lo0 inet from any to ! (lo0) +block in on lo0 inet from ! (lo0) to any +block out on lo0 inet from any to ! (lo0) diff --git a/regress/sbin/pfctl/pf28.ok b/regress/sbin/pfctl/pf28.ok index 7725fd9328f..11322152bf7 100644 --- a/regress/sbin/pfctl/pf28.ok +++ b/regress/sbin/pfctl/pf28.ok @@ -1,6 +1,6 @@ -@0 block in log-all quick on lo0 all -@1 block in log quick on lo0 all -@2 block in log-all quick on lo0 all -@3 block in log quick on lo0 all -@4 block in log on lo0 all -@5 block in log-all on lo0 all +block in log-all quick on lo0 all +block in log quick on lo0 all +block in log-all quick on lo0 all +block in log quick on lo0 all +block in log on lo0 all +block in log-all on lo0 all diff --git a/regress/sbin/pfctl/pf3.ok b/regress/sbin/pfctl/pf3.ok index 05b995bc658..20866b6dd18 100644 --- a/regress/sbin/pfctl/pf3.ok +++ b/regress/sbin/pfctl/pf3.ok @@ -1,9 +1,9 @@ -@0 pass in all -@1 pass in all -@2 block in proto tcp all flags FPUEW/FSRPAUEW -@3 block in proto tcp all flags FS/FSRA -@4 block in proto tcp all flags /FSRAW -@5 pass in proto udp all -@6 pass in proto icmp all -@7 pass in proto tcp all flags S/SA -@8 pass in all flags S/SA +pass in all +pass in all +block in proto tcp all flags FPUEW/FSRPAUEW +block in proto tcp all flags FS/FSRA +block in proto tcp all flags /FSRAW +pass in proto udp all +pass in proto icmp all +pass in proto tcp all flags S/SA +pass in all flags S/SA diff --git a/regress/sbin/pfctl/pf30.ok b/regress/sbin/pfctl/pf30.ok index 576a28e1401..46509924aab 100644 --- a/regress/sbin/pfctl/pf30.ok +++ b/regress/sbin/pfctl/pf30.ok @@ -1 +1 @@ -@0 block in on lo0 all +block in on lo0 all diff --git a/regress/sbin/pfctl/pf31.ok b/regress/sbin/pfctl/pf31.ok index 75e7a7fd4d5..a8664622b04 100644 --- a/regress/sbin/pfctl/pf31.ok +++ b/regress/sbin/pfctl/pf31.ok @@ -1,11 +1,11 @@ set block-policy drop set block-policy return -@0 block return in on lo0 all -@1 block return in on lo0 inet all -@2 block return in on lo0 inet6 all -@3 block in on lo0 all -@4 block in on lo0 inet all -@5 block in on lo0 inet6 all -@6 block return in on lo0 all -@7 block return in on lo0 inet all -@8 block return in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block in on lo0 all +block in on lo0 inet all +block in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all diff --git a/regress/sbin/pfctl/pf32.ok b/regress/sbin/pfctl/pf32.ok index 221fdf0159a..7723130fa3d 100644 --- a/regress/sbin/pfctl/pf32.ok +++ b/regress/sbin/pfctl/pf32.ok @@ -1,7 +1,7 @@ -@0 pass in inet from 10.0.0.0/8 to any -@1 pass in inet from 10.1.0.0/16 to any -@2 pass in inet from 10.0.0.0/8 to any -@3 pass in inet from 192.168.37.0/25 to any -@4 pass in inet from 192.168.37.0/24 to any -@5 pass in inet from 192.168.0.0/16 to any -@6 pass in inet from 192.0.0.0/8 to any +pass in inet from 10.0.0.0/8 to any +pass in inet from 10.1.0.0/16 to any +pass in inet from 10.0.0.0/8 to any +pass in inet from 192.168.37.0/25 to any +pass in inet from 192.168.37.0/24 to any +pass in inet from 192.168.0.0/16 to any +pass in inet from 192.0.0.0/8 to any diff --git a/regress/sbin/pfctl/pf33.ok b/regress/sbin/pfctl/pf33.ok index 06ed01ad09a..be6115e8a4f 100644 --- a/regress/sbin/pfctl/pf33.ok +++ b/regress/sbin/pfctl/pf33.ok @@ -7,9 +7,9 @@ queue http_cust1 bandwidth 500.00Kb queue mail bandwidth 1000.00Kb queue ssh bandwidth 100.00Kb priority 7 cbq( borrow ) queue rsets bandwidth 7.50Kb priority 0 cbq( red ) -@0 block return in on lo0 inet all queue rsets -@1 pass in on lo0 inet proto tcp from any to any port = www keep state queue http -@2 pass out on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -@3 pass in on lo0 inet proto tcp from any to any port = ssh keep state queue ssh -@4 pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail -@5 pass out on lo0 inet all keep state +block return in on lo0 inet all queue rsets +pass in on lo0 inet proto tcp from any to any port = www keep state queue http +pass out on lo0 inet proto tcp from any to any port = ssh keep state queue ssh +pass in on lo0 inet proto tcp from any to any port = ssh keep state queue ssh +pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail +pass out on lo0 inet all keep state diff --git a/regress/sbin/pfctl/pf34.ok b/regress/sbin/pfctl/pf34.ok index d4f046e6a97..2759c5d048b 100644 --- a/regress/sbin/pfctl/pf34.ok +++ b/regress/sbin/pfctl/pf34.ok @@ -1,2 +1,2 @@ -@0 pass in inet from any to 127.0.0.1 -@1 pass in inet6 from any to 2000::1 +pass in inet from any to 127.0.0.1 +pass in inet6 from any to 2000::1 diff --git a/regress/sbin/pfctl/pf35.ok b/regress/sbin/pfctl/pf35.ok index 99f22403638..9f53a5617bb 100644 --- a/regress/sbin/pfctl/pf35.ok +++ b/regress/sbin/pfctl/pf35.ok @@ -10,9 +10,9 @@ queue mail bandwidth 1000.00Kb priority 0 cbq( red ecn borrow ) queue ssh bandwidth 2.00Mb cbq( borrow ) { ssh_interactive ssh_bulk } queue ssh_interactive bandwidth 2.00Mb priority 7 queue ssh_bulk bandwidth 2.00Mb priority 0 qlimit 60 -@0 block return out on lo0 inet all queue std -@1 pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www keep state queue developers -@2 pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www keep state queue employees -@3 pass out on lo0 inet proto tcp from any to any port = ssh tos 0x10 keep state queue ssh_interactive -@4 pass out on lo0 inet proto tcp from any to any port = ssh tos 0x08 keep state queue ssh_bulk -@5 pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail +block return out on lo0 inet all queue std +pass out on lo0 inet proto tcp from 10.0.0.0/24 to any port = www keep state queue developers +pass out on lo0 inet proto tcp from 10.0.1.0/24 to any port = www keep state queue employees +pass out on lo0 inet proto tcp from any to any port = ssh tos 0x10 keep state queue ssh_interactive +pass out on lo0 inet proto tcp from any to any port = ssh tos 0x08 keep state queue ssh_bulk +pass out on lo0 inet proto tcp from any to any port = smtp keep state queue mail diff --git a/regress/sbin/pfctl/pf38.ok b/regress/sbin/pfctl/pf38.ok index 2ad0e0a7d8b..650347eaf3f 100644 --- a/regress/sbin/pfctl/pf38.ok +++ b/regress/sbin/pfctl/pf38.ok @@ -1,4 +1,4 @@ -@0 pass in on tun0 proto tcp all user = 3 -@1 pass in on tun0 proto tcp all group = 7 -@2 pass in on tun0 proto tcp all user = 3 group = 0 -@3 pass in on tun0 proto tcp all user = 0 group = 0 +pass in on tun0 proto tcp all user = 3 +pass in on tun0 proto tcp all group = 7 +pass in on tun0 proto tcp all user = 3 group = 0 +pass in on tun0 proto tcp all user = 0 group = 0 diff --git a/regress/sbin/pfctl/pf39.ok b/regress/sbin/pfctl/pf39.ok index 8237ed5a626..c50efd1e725 100644 --- a/regress/sbin/pfctl/pf39.ok +++ b/regress/sbin/pfctl/pf39.ok @@ -12,12 +12,12 @@ o_fragment = "fragment " o_allowopts = "allow-opts " o_label = "label blah" o_qname = "queue blah" -@0 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label blah -@1 pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah -@2 pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah -@3 pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah -@4 pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah -@5 pass in log quick on lo0 inet proto tcp all keep state -@6 pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label blah queue blah -@7 pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 -@8 pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts +pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label blah +pass in log quick on lo0 inet proto icmp all user = 3 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah +pass in log quick on lo0 inet proto icmp all user = 3 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah +pass in log quick on lo0 inet proto icmp all user = 0 group = 32767 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah +pass in log quick on lo0 inet proto icmp all user = 0 group = 0 icmp-type echorep code 0 tos 0x08 keep state allow-opts label blah queue blah +pass in log quick on lo0 inet proto tcp all keep state +pass in log quick on lo0 inet proto tcp all tos 0x08 keep state label blah queue blah +pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 +pass in log quick on lo0 inet proto tcp all flags S/SA allow-opts diff --git a/regress/sbin/pfctl/pf4.ok b/regress/sbin/pfctl/pf4.ok index 4fd34997a31..6c1a3f504e2 100644 --- a/regress/sbin/pfctl/pf4.ok +++ b/regress/sbin/pfctl/pf4.ok @@ -1,46 +1,46 @@ -@0 block in all -@1 block in proto tcp all -@2 block in proto tcp all -@3 block in proto udp all -@4 block in all -@5 block in inet from 10.0.0.0/8 to any -@6 block in inet from ! 10.0.0.0/8 to any -@7 block in inet from 10.0.0.0/8 to any -@8 block in inet from 172.16.0.0/12 to any -@9 block in proto tcp from any port = ssh to any -@10 block in proto tcp from any port = ssh to any -@11 block in proto tcp from any port 21 >< 2048 to any -@12 block in proto tcp from any port != 1234 to any -@13 block in proto tcp from any port >= 80 to any -@14 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 -@15 block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 -@16 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -@17 block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 -@18 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 -@19 block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 -@20 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 -@21 block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 -@22 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 -@23 block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 -@24 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 -@25 block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 -@26 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 -@27 block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 -@28 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 -@29 block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 -@30 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 -@31 block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 -@32 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -@33 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 -@34 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 -@35 block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 -@36 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 -@37 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 -@38 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 -@39 block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 -@40 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 -@41 block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 -@42 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 -@43 block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 -@44 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 -@45 block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 +block in all +block in proto tcp all +block in proto tcp all +block in proto udp all +block in all +block in inet from 10.0.0.0/8 to any +block in inet from ! 10.0.0.0/8 to any +block in inet from 10.0.0.0/8 to any +block in inet from 172.16.0.0/12 to any +block in proto tcp from any port = ssh to any +block in proto tcp from any port = ssh to any +block in proto tcp from any port 21 >< 2048 to any +block in proto tcp from any port != 1234 to any +block in proto tcp from any port >= 80 to any +block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +block in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 +block in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 +block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 +block in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 +block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +block in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +block in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 +block in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 +block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 +block in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 +block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = 21 to 192.168.0.0/16 port = 6668 +block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6668 +block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +block in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +block in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6667 +block in inet proto udp from 172.16.0.0/12 port = 21 to 192.168.0.0/16 port = 6668 +block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6667 +block in inet proto udp from 172.16.0.0/12 port = 21 to 12.34.56.78 port = 6668 diff --git a/regress/sbin/pfctl/pf5.ok b/regress/sbin/pfctl/pf5.ok index 87b63a14a27..a09f801d6b2 100644 --- a/regress/sbin/pfctl/pf5.ok +++ b/regress/sbin/pfctl/pf5.ok @@ -1,11 +1,11 @@ foo = "ssh, ftp" bar = "other thing" inside = "10.0.0.0/8" -@0 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 -@1 block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 -@2 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 -@3 block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 -@4 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 -@5 block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 -@6 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 -@7 block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 +block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 +block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 +block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = 21 to 12.34.56.78 port = 16 +block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 6667 +block in inet proto udp from 10.0.0.0/8 port = 113 to 12.34.56.78 port = 16 diff --git a/regress/sbin/pfctl/pf7.ok b/regress/sbin/pfctl/pf7.ok index f8deafd8445..627f72c3a79 100644 --- a/regress/sbin/pfctl/pf7.ok +++ b/regress/sbin/pfctl/pf7.ok @@ -1,21 +1,21 @@ -@0 block out log on tun0 all -@1 block in log on tun0 all -@2 block return-rst out log on tun0 proto tcp all -@3 block return-rst in log on tun0 proto tcp all -@4 block return-icmp(port-unr, port-unr) out log on tun0 proto udp all -@5 block return-icmp(port-unr, port-unr) in log on tun0 proto udp all -@6 block out log quick on tun0 inet from ! 157.161.48.183 to any -@7 block in quick on tun0 inet from any to 255.255.255.255 -@8 block in log quick on tun0 inet from 10.0.0.0/8 to any -@9 block in log quick on tun0 inet from 172.16.0.0/12 to any -@10 block in log quick on tun0 inet from 192.168.0.0/16 to any -@11 block in log quick on tun0 inet from 255.255.255.255 to any -@12 pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@13 pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state -@14 pass out on tun0 proto udp all keep state -@15 pass in on tun0 proto udp from any to any port = domain keep state -@16 pass out on tun0 proto tcp all modulate state -@17 pass in on tun0 proto tcp from any to any port = ssh modulate state -@18 pass in on tun0 proto tcp from any to any port = smtp modulate state -@19 pass in on tun0 proto tcp from any to any port = domain modulate state -@20 pass in on tun0 proto tcp from any to any port = auth modulate state +block out log on tun0 all +block in log on tun0 all +block return-rst out log on tun0 proto tcp all +block return-rst in log on tun0 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun0 proto udp all +block return-icmp(port-unr, port-unr) in log on tun0 proto udp all +block out log quick on tun0 inet from ! 157.161.48.183 to any +block in quick on tun0 inet from any to 255.255.255.255 +block in log quick on tun0 inet from 10.0.0.0/8 to any +block in log quick on tun0 inet from 172.16.0.0/12 to any +block in log quick on tun0 inet from 192.168.0.0/16 to any +block in log quick on tun0 inet from 255.255.255.255 to any +pass out on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun0 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun0 proto udp all keep state +pass in on tun0 proto udp from any to any port = domain keep state +pass out on tun0 proto tcp all modulate state +pass in on tun0 proto tcp from any to any port = ssh modulate state +pass in on tun0 proto tcp from any to any port = smtp modulate state +pass in on tun0 proto tcp from any to any port = domain modulate state +pass in on tun0 proto tcp from any to any port = auth modulate state diff --git a/regress/sbin/pfctl/pf8.ok b/regress/sbin/pfctl/pf8.ok index dfad4323752..7b73977d705 100644 --- a/regress/sbin/pfctl/pf8.ok +++ b/regress/sbin/pfctl/pf8.ok @@ -1,3 +1,3 @@ extern = "{ ! 10.0.0.0/8, 10.1.2.3 }" -@0 block out log on tun1 inet from ! 10.0.0.0/8 to any -@1 block out log on tun1 inet from 10.1.2.3 to any +block out log on tun1 inet from ! 10.0.0.0/8 to any +block out log on tun1 inet from 10.1.2.3 to any diff --git a/regress/sbin/pfctl/pf9.ok b/regress/sbin/pfctl/pf9.ok index 967b9626fda..05be5804c6d 100644 --- a/regress/sbin/pfctl/pf9.ok +++ b/regress/sbin/pfctl/pf9.ok @@ -1,3 +1,3 @@ interfaces = "{ enc0, tun0 }" -@0 block in on enc0 all -@1 block in on tun0 all +block in on enc0 all +block in on tun0 all |