regress/sbin/pfctl/pf13.optimized


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

@0 pass in quick on enc0 all flags S/SA keep state fastroute
  [ Skip steps: p=4 sa=6 sp=end da=2 dp=4 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@1 pass out quick on tun1000000 inet all flags S/SA keep state route-to tun1000001
  [ Skip steps: i=end d=4 f=3 p=4 sa=6 sp=end dp=4 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@2 pass out quick on tun1000000 inet from any to 192.168.1.1 flags S/SA keep state route-to tun1000001
  [ Skip steps: i=end d=4 p=4 sa=6 sp=end dp=4 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@3 pass out quick on tun1000000 inet6 from any to fec0::1 flags S/SA keep state route-to tun1000001
  [ Skip steps: i=end sa=6 sp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@4 block drop in on tun1000000 inet proto tcp from any to any port = ftp dup-to (tun1000001 192.168.1.1)
  [ Skip steps: i=end d=end p=6 sa=6 sp=end da=6 dp=6 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@5 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp dup-to (tun1000001 fec0::1)
  [ Skip steps: i=end d=end sp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@6 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state route-to tun1000001
  [ Skip steps: i=end d=end p=8 sp=end dp=8 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@7 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state route-to tun1000001
  [ Skip steps: i=end d=end sp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@8 block drop in on tun1000000 inet proto tcp from any to any port = ftp reply-to (tun1000001 192.168.1.1)
  [ Skip steps: i=end d=end p=10 sa=10 sp=end da=10 dp=10 ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@9 block drop in on tun1000000 inet6 proto tcp from any to any port = ftp reply-to (tun1000001 fec0::1)
  [ Skip steps: i=end d=end sp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@10 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state reply-to tun1000001
  [ Skip steps: i=end d=end p=end sp=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@11 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state reply-to tun1000001
  [ Skip steps: i=end d=end p=end sp=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@12 pass in quick on tun1000000 inet from 192.168.1.1 to 10.1.1.1 flags S/SA keep state dup-to (tun1000001 192.168.1.100)
  [ Skip steps: i=end d=end p=end sp=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@13 pass in quick on tun1000000 inet6 from fec0::/64 to fec1::2 flags S/SA keep state dup-to (tun1000001 fec1::2)
  [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ]
  [ queue: qname= qid=0 pqname= pqid=0 ]
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]