regress/sbin/pfctl/pfopt5.ok


1
2
3
4
5
6
7
8

ext_if = "lo0"
set limit states 100
set block-policy drop
set require-order yes
scrub in all fragment reassemble
pass out on lo0 proto tcp from any to any port = ssh flags S/SA keep state queue(pri-med, pri-high)
pass out on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-med
pass in on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-low