blob: 8062d2765bc5ce4e9d6057f22c53ef70f3c06039 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
pass in quick on enc0 fastroute all flags S/SA keep state
pass in quick on enc0 fastroute inet all flags S/SA keep state
pass in quick on enc0 fastroute inet6 all flags S/SA keep state
pass out quick on tun1000000 route-to tun1000001 inet all flags S/SA keep state
pass out quick on tun1000000 route-to tun1000001 inet from any to 192.168.1.1 flags S/SA keep state
pass out quick on tun1000000 route-to tun1000001 inet6 from any to fec0::1 flags S/SA keep state
block drop in on tun1000000 dup-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
block drop in on tun1000000 dup-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
pass in quick on tun1000000 route-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
pass in quick on tun1000000 route-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
block drop in on tun1000000 reply-to (tun1000001 192.168.1.1) inet proto tcp from any to any port = ftp
block drop in on tun1000000 reply-to (tun1000001 fec0::1) inet6 proto tcp from any to any port = ftp
pass in quick on tun1000000 reply-to tun1000001 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
pass in quick on tun1000000 reply-to tun1000001 inet6 from fec0::/64 to fec1::2 flags S/SA keep state
pass in quick on tun1000000 dup-to (tun1000001 192.168.1.100) inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state
pass in quick on tun1000000 dup-to (tun1000001 fec1::2) inet6 from fec0::/64 to fec1::2 flags S/SA keep state
|
