blob: 1dcec67547759175dea0ba6bfb031c15eeee397a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
scrub proto tcp
scrub proto tcp all
scrub proto tcp from any to any
scrub in proto tcp
scrub in proto tcp all
scrub in proto tcp all fragment crop
scrub in proto tcp all fragment drop-ovl
scrub in proto tcp all fragment reassemble
scrub in proto tcp from { <regress.1> !<regress.2> } to any
scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 }
scrub in log on lo0 proto tcp from any to any min-ttl 25
scrub in log on lo0 inet6 proto tcp from { (lo1), (lo0) } to 2000::1
scrub in log on {lo0 lo1} proto tcp from any to any
scrub in on lo0 proto tcp all
scrub in on lo0 proto tcp from any to any fragment reassemble max-mss 224 min-ttl 15 no-df
scrub in on lo0 proto tcp from any to any max-mss 224
scrub in on lo0 proto tcp from any to any max-mss 224 min-ttl 15 no-df fragment reassemble
scrub in on lo0 proto tcp from any to any min-ttl 15 fragment drop-ovl no-df max-mss 224
scrub in on lo0 proto tcp from any to any min-ttl 15 no-df max-mss 224
scrub in on lo0 proto tcp from any to any no-df
scrub in on lo0 proto tcp from any to any no-df max-mss 224 fragment crop min-ttl 15
scrub in on lo0 proto tcp from any to any no-df max-mss 224 min-ttl 15
scrub in on lo0 inet proto tcp from (lo0) to any
scrub on lo0 proto tcp from any to any max-mss 224
scrub out proto tcp
scrub out proto tcp from any to { !<regress.1>, <regress.2> }
scrub out log on lo1 proto tcp from any to 10.0.0.1 no-df max-mss 224
scrub proto tcp random-id
scrub proto tcp from any to any port 80
scrub in proto tcp from { <regress.1> !<regress.2> } to any port 80
scrub in inet proto tcp from { 10.0.0.1, 10.0.0.2 } to { 10.0.0.3, 10.0.0.4 } port 80
scrub in log on lo0 proto tcp from any to any port 80 min-ttl 25
scrub in log on lo0 inet6 proto tcp from { (lo1), (lo0) } port 80 to 2000::1
scrub in log on {lo0 lo1} proto tcp from any port 80 to any
scrub in on lo0 proto tcp from any port {80, 81} to any fragment reassemble max-mss 224 min-ttl 15 no-df
scrub in on lo0 proto tcp from any to any port 80 max-mss 224
scrub in on lo0 proto tcp from any port 80 to any max-mss 224 min-ttl 15 no-df fragment reassemble
scrub in on lo0 proto tcp from any port 80 to any min-ttl 15 fragment drop-ovl no-df max-mss 224
scrub in on lo0 proto tcp from any to any port {80, 81, 82} min-ttl 15 no-df max-mss 224
scrub in on lo0 proto tcp from any port 80 to any port 80 no-df
scrub in on lo0 proto tcp from any port {80, 81} to any port {80, 81} no-df max-mss 224 fragment crop min-ttl 15
scrub in on lo0 proto tcp from any to any port 83 no-df max-mss 224 min-ttl 15
scrub in on lo0 inet proto tcp from (lo0) port 80 to any
scrub on lo0 proto tcp from any to any port 80 max-mss 224
scrub out proto tcp from any to { !<regress.1>, <regress.2> } port 80
scrub out log on lo1 proto tcp from any to 10.0.0.1 port 80 no-df max-mss 224
|
