FreeBSD Bugzilla – Attachment 150527 Details for
Bug 194515
[pf] [vnet] Fatal Trap 12 Kernel with vimage
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
pf_min.conf
pf_min.conf (text/plain), 1.79 KB, created by
Craig Rodrigues
on 2014-12-13 05:28:16 UTC
(
hide
)
Description:
pf_min.conf
Filename:
MIME Type:
Creator:
Craig Rodrigues
Created:
2014-12-13 05:28:16 UTC
Size:
1.79 KB
patch
obsolete
>set optimization normal >set timeout { adaptive.start 0, adaptive.end 0 } >set limit states 815000 >set limit src-nodes 815000 > > >loopback = "{ lo0 }" >WAN = "{ epair0b }" > >table <RFC_lans> { 192.168.0.0/16 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 } >RFC_lans = "<RFC_lans>" >ssh_ports = "{ 22 }" > > > >set loginterface $WAN > >set skip on pfsync0 > >scrub on $WAN all fragment reassemble > >no nat proto carp >no rdr proto carp >nat-anchor "natearly/*" >nat-anchor "natrules/*" > > > > >rdr-anchor "relayd/*" >rdr-anchor "tftp-proxy/*" > >block in log inet all label "Default deny rule IPv4" >block out log inet all label "Default deny rule IPv4" > > > >block quick inet proto { tcp, udp } from any port = 0 to any >block quick inet proto { tcp, udp } from any to any port = 0 > >block in log quick on $WAN from <bogons> to any label "block bogon IPv4 networks from WAN" > >antispoof for $WAN >block in log quick on $WAN from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8" >block in log quick on $WAN from 127.0.0.0/8 to any label "Block private networks from WAN block 127/8" >block in log quick on $WAN from 100.64.0.0/10 to any label "Block private networks from WAN block 100.64/10" >block in log quick on $WAN from 172.16.0.0/12 to any label "Block private networks from WAN block 172.16/12" >pass in quick on $WAN proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server" >pass in quick on $WAN proto udp from any port = 68 to 192.168.250.254 port = 67 label "allow access to DHCP server" > > > >pass in on $loopback inet all label "pass IPv4 loopback" >pass out on $loopback inet all label "pass IPv4 loopback" > >pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself" >pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=150527">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 194515
:
150526
| 150527