regress/sbin/pfctl/pf13.in


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

pass in quick on enc0 fastroute all
pass in quick on enc0 fastroute inet all
pass in quick on enc0 fastroute inet6 all

pass out quick on tun1000000 route-to tun1000001 inet all
pass out quick on tun1000000 route-to tun1000001 from any to 192.168.1.1
pass out quick on tun1000000 route-to tun1000001 from any to fec0::1

block in on tun1000000 dup-to (tun1000001 192.168.1.1) proto tcp from any to any port = 21
block in on tun1000000 dup-to (tun1000001 fec0::1) proto tcp from any to any port = 21

pass in quick on tun1000000 route-to tun1000001 from 192.168.1.1/32 to 10.1.1.1/32
pass in quick on tun1000000 route-to tun1000001 from fec0::1/64 to fec1::2/128

block in on tun1000000 reply-to (tun1000001 192.168.1.1) proto tcp from any to any port = 21
block in on tun1000000 reply-to (tun1000001 fec0::1) proto tcp from any to any port = 21

pass in quick on tun1000000 reply-to tun1000001 from 192.168.1.1/32 to 10.1.1.1/32
pass in quick on tun1000000 reply-to tun1000001 from fec0::1/64 to fec1::2/128

pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) from 192.168.1.1/32 to 10.1.1.1/32
pass in quick on tun1000000 dup-to (tun1000001 fec1::2) from fec0::1/64 to fec1::2/128