blob: d5d06429de6f47e5cc93ff3628ca8e9a99a93ac8 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# pf must have these rules in the regress anchor
set ruleset-optimization none
# nothing to pflog N3, will be overridden by later rule
pass log (to $PFLOG_N3) on $LO no state
# everything to pflog N2
match log (to $PFLOG_N2) on $LO no state
# specific test to pflog N1
pass log (to $PFLOG_N1) on $LO inet
pass log (to $PFLOG_N1) on $LO to 127.0.0.1 no state
pass log (to $PFLOG_N1) on $LO to 127.0.0.2 keep state
pass log (all to $PFLOG_N1) on $LO to 127.0.0.3 keep state
pass log (user to $PFLOG_N1) on $LO to 127.0.0.4
pass on $LO to 127.0.0.5
pass log (matches to $PFLOG_N1) on $LO to 127.0.0.6
pass on $LO to 127.0.0.6
pass log (to $PFLOG_N1) on $LO inet6
pass log (to $PFLOG_N1) on $LO to fe80::1 no state
pass log (to $PFLOG_N1) on $LO to fe80::2 keep state
pass log (all to $PFLOG_N1) on $LO to fe80::3 keep state
# XXX Socket lookup with embeded scope does not match. Use ::1 instead.
pass log (user to $PFLOG_N1) on $LO to ::1
pass on $LO to fe80::5
pass log (matches to $PFLOG_N1) on $LO to fe80::6
pass on $LO to fe80::6
|
