FreeBSD Bugzilla – Attachment 165878 Details for Bug 206143: DLINK DUB-E100 revision C1 can't reach destination
pfctl rules with ale0
b (text/plain), 7.65 KB, created by Mantas on 2016-01-20 19:16:32 UTC
scrub on ue0 all fragment reassemble
scrub on ale0 all fragment reassemble
anchor "*" all {
}
anchor "*" all {
}
anchor "*" all {
}
block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
block drop in log inet all label "Default deny rule IPv4"
block drop out log inet all label "Default deny rule IPv4"
block drop in log inet6 all label "Default deny rule IPv6"
block drop out log inet6 all label "Default deny rule IPv6"
pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick from <snort2c> to any label "Block snort2c hosts"
block drop log quick from any to <snort2c> label "Block snort2c hosts"
block drop in log quick proto tcp from <sshlockout> to (self) port = ssh label "sshlockout"
block drop in log quick proto tcp from <webConfiguratorlockout> to (self) port = https label "webConfiguratorlockout"
block drop in log quick from <virusprot> to any label "virusprot overload table"
pass in quick on ue0 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
pass in quick on ue0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
pass out quick on ue0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN"
block drop in log quick on ue0 from <bogons> to any label "block bogon IPv4 networks from WAN"
block drop in log quick on ue0 from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
block drop in log quick on ue0 inet from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"
block drop in log quick on ue0 inet from 127.0.0.0/8 to any label "Block private networks from WAN block 127/8"
block drop in log quick on ue0 inet from 172.16.0.0/12 to any label "Block private networks from WAN block 172.16/12"
block drop in log quick on ue0 inet from 192.168.0.0/16 to any label "Block private networks from WAN block 192.168/16"
block drop in log quick on ue0 inet6 from fc00::/7 to any label "Block ULA networks from WAN block fc00::/7"
pass in on ue0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
pass out on ue0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN"
block drop in log on ! ale0 inet from 192.168.1.0/24 to any
block drop in log inet from 192.168.1.1 to any
block drop in log on ale0 inet6 from fe80::1:1 to any
pass in quick on ale0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in quick on ale0 inet proto udp from any port = bootpc to 192.168.1.1 port = bootps keep state label "allow access to DHCP server"
pass out quick on ale0 inet proto udp from 192.168.1.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass quick on ale0 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on ale0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on ale0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass quick on ale0 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
pass in quick on ale0 proto tcp from any to (ale0) port = https flags S/SA keep state label "anti-lockout rule"
pass in quick on ale0 proto tcp from any to (ale0) port = http flags S/SA keep state label "anti-lockout rule"
anchor "*" all {
}
pass in quick on ale0 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
anchor "*" all {
}