First cut to make it work again.
TODO: make it work with obj dirs.
parent
90736ab608
commit
c4b5806fb2
@ -1,4 +1,4 @@
|
||||
# $NetBSD: Makefile,v 1.3 1998/05/29 20:59:43 veego Exp $
|
||||
# $NetBSD: Makefile,v 1.4 2000/02/06 13:05:25 veego Exp $
|
||||
#
|
||||
# (C)opyright 1993-1996 by Darren Reed.
|
||||
#
|
||||
@ -6,34 +6,38 @@
|
||||
# provided that this notice is preserved and due credit is given
|
||||
# to the original author and the contributors.
|
||||
#
|
||||
BINDEST=/usr/local/bin
|
||||
SBINDEST=/sbin
|
||||
MANDIR=/usr/share/man
|
||||
.include <bsd.prog.mk>
|
||||
|
||||
tests: first 0 ftests ptests
|
||||
tests: first ftests ptests ntests
|
||||
|
||||
first:
|
||||
-mkdir -p results
|
||||
|
||||
# Filtering tests
|
||||
ftests: 1 2 3 4 5 6 7 8 9 10 11 12 14
|
||||
ftests: f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14
|
||||
|
||||
# Rule parsing tests
|
||||
ptests: i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
|
||||
|
||||
ntests: n1 n2 n3 n4
|
||||
|
||||
0:
|
||||
@(cd ..; make ipftest; )
|
||||
|
||||
1 2 3 4 5 6 7 8 9 10 11 14:
|
||||
f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f14:
|
||||
@/bin/sh ./dotest $@
|
||||
|
||||
12:
|
||||
f12:
|
||||
@/bin/sh ./hextest $@
|
||||
|
||||
i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11:
|
||||
@/bin/sh ./itest $@
|
||||
|
||||
clean:
|
||||
/bin/rm -f 1 2 3 4 5 6 7 8 9 10 11 12 14
|
||||
/bin/rm -rf results
|
||||
n1 n2 n3 n4:
|
||||
@/bin/sh ./nattest $@
|
||||
|
||||
clean cleandir:
|
||||
/bin/rm -f f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f14
|
||||
/bin/rm -f i1 i2 i3 i4 i5 i6 i7 i8 i9 i10 i11
|
||||
/bin/rm -f n1 n2 n3 n4
|
||||
/bin/rm -rf results
|
||||
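Review bot: The `tests` target no longer carries the `0` prerequisite that ran `make ipftest` in the parent directory, and the scripts it drives (dotest, hextest, itest, nattest) now call bare `ipftest`/`ipf`, so the suite appears to exercise whichever binary is first on PATH rather than the one built from this tree. For a packet-filter regression suite that means a rule-matching regression in the source can pass against an older installed binary. Consider having the Makefile hand the scripts the binary under test, e.g. `@IPFTEST=${IPFTEST} /bin/sh ./dotest $@`, with each script defaulting via `: ${IPFTEST:=ipftest}`. Old and new lines are interleaved on this page, so which lines belong to the new side is inferred.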
|
@ -1,40 +1,20 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $NetBSD: dotest,v 1.4 1998/05/29 21:01:45 veego Exp $
|
||||
# $NetBSD: dotest,v 1.5 2000/02/06 13:05:26 veego Exp $
|
||||
#
|
||||
if [ -f /usr/ucb/touch ] ; then
|
||||
TOUCH=/usr/ucb/touch
|
||||
else
|
||||
if [ -f /usr/bin/touch ] ; then
|
||||
TOUCH=/usr/bin/touch
|
||||
else
|
||||
if [ -f /bin/touch ] ; then
|
||||
TOUCH=/bin/touch
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ../ipftest ] ; then
|
||||
IPFTEST=../ipftest
|
||||
else
|
||||
if [ -f /usr/sbin/ipftest ] ; then
|
||||
IPFTEST=/usr/sbin/ipftest
|
||||
else
|
||||
IPFTEST=ipftest
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$1...";
|
||||
/bin/cp /dev/null results/$1
|
||||
( while read rule; do
|
||||
echo "$rule" | $IPFTEST -br - -i input/$1 >> results/$1;
|
||||
echo "$rule" | ipftest -br - -i ../../../../dist/ipf/test/input/$1 >> results/$1;
|
||||
if [ $? -ne 0 ] ; then
|
||||
exit 1;
|
||||
fi
|
||||
done ) < regress/$1
|
||||
cmp expected/$1 results/$1
|
||||
echo "--------" >> results/$1
|
||||
done ) < ../../../../dist/ipf/test/regress/$1
|
||||
cmp ../../../../dist/ipf/test/expected/$1 results/$1
|
||||
status=$?
|
||||
if [ $status = 0 ] ; then
|
||||
$TOUCH $1
|
||||
touch $1
|
||||
fi
|
||||
exit $status
|
||||
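Review bot: The added `exit 1` runs inside the `( while read rule ... )` subshell, so it ends only the loop; the subshell's status is never read and the script carries on to `cmp`. An ipftest failure is then reported only as a results mismatch, with no hint that ipftest itself failed. Check the status straight after the loop, e.g. `done ) < ../../../../dist/ipf/test/regress/$1 || exit 1`. hextest and nattest contain the same loop.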
|
@ -1,16 +0,0 @@
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
@ -1,108 +0,0 @@
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
@ -1,66 +0,0 @@
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
@ -1,54 +0,0 @@
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
@ -1,40 +0,0 @@
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
@ -1,36 +0,0 @@
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
@ -1,40 +0,0 @@
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
@ -1,40 +0,0 @@
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
File diff suppressed because it is too large
File diff suppressed because it is too large
@ -1,54 +0,0 @@
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
@ -1,36 +0,0 @@
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
@ -1,108 +0,0 @@
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
pass
|
||||
block
|
||||
block
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
pass
|
||||
pass
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
nomatch
|
||||
block
|
||||
block
|
||||
nomatch
|
@ -1,13 +0,0 @@
|
||||
pass in from any to any
|
||||
block out from any to any
|
||||
log in from any to any
|
||||
log body in from any to any
|
||||
count in from any to any
|
||||
pass in from !any to any
|
||||
block in from any to !any
|
||||
pass in on ed0(!) from 127.0.0.1/32 to 127.0.0.1/32
|
||||
block in log first on lo0(!) from any to any
|
||||
pass in log body quick from any to any
|
||||
block return-rst in quick on le0(!) proto tcp from any to any
|
||||
block return-icmp in on qe0(!) from any to any
|
||||
block return-icmp(host-unr) in on qe0(!) from any to any
|
@ -1,4 +0,0 @@
|
||||
pass in from 127.0.0.1/32 to 127.0.0.1/32 with opt sec
|
||||
block in from any to any with not opt sec-class topsecret
|
||||
block in from any to any with not opt sec-class topsecret,secret
|
||||
pass in from any to any with opt sec-class topsecret,confid not opt sec-class unclass
|
@ -1,4 +0,0 @@
|
||||
pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 keep state
|
||||
block in log first on lo0(!) proto tcp/udp from any to any keep state
|
||||
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 2049 keep frags
|
||||
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32 port = 53 keep state keep frags
|
@ -1,6 +0,0 @@
|
||||
log in proto tcp from any to any
|
||||
pass in proto tcp from any to any
|
||||
pass in proto udp from 127.0.0.1/32 to 127.0.0.1/32
|
||||
block in proto udp from any to any
|
||||
block in proto 250 from any to any
|
||||
pass in proto tcp/udp from any to any
|
@ -1,8 +0,0 @@
|
||||
log in from any to any
|
||||
pass in from 128.0.0.0/24 to 128.0.0.0/16
|
||||
pass in from 128.0.0.0/24 to 128.0.0.0/16
|
||||
pass in from 128.0.0.0/24 to 128.0.0.0/16
|
||||
pass in from 128.0.0.0/24 to 128.0.0.0/16
|
||||
pass in from 128.0.0.0/24 to 128.0.0.0/16
|
||||
pass in from 127.0.0.1/32 to 127.0.0.1/32
|
||||
block in log from any to any
|
@ -1,7 +0,0 @@
|
||||
log in proto tcp from any port > 0 to any
|
||||
log in proto tcp from any to any port > 0
|
||||
pass in proto tcp from any port != 0 to any port 0 >< 65535
|
||||
pass in proto udp from 127.0.0.1/32 port > 32000 to 127.0.0.1/32 port < 29000
|
||||
block in proto udp from any port != 123 to any port < 123
|
||||
block in proto tcp from any port = 25 to any port > 25
|
||||
pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3
|
@ -1,5 +0,0 @@
|
||||
log in from any to any
|
||||
count in tos 0x80 from any to any
|
||||
pass in on ed0(!) tos 0x40 from 127.0.0.1/32 to 127.0.0.1/32
|
||||
block in log on lo0(!) ttl 0 from any to any
|
||||
pass in quick ttl 1 from any to any
|
@ -1,4 +0,0 @@
|
||||
pass in on lo0(!) fastroute from any to any
|
||||
pass in on lo0(!) dup-to qe0(!) from 127.0.0.1/32 to 127.0.0.1/32
|
||||
pass in on qe0(!) dup-to qe0(!):127.0.0.1 from 127.0.0.1/32 to 127.0.0.1/32
|
||||
block in quick on qe0(!) to qe1(!) from any to any
|
@ -1,3 +0,0 @@
|
||||
pass in on ed0(!) proto tcp from 127.0.0.1/32 to 127.0.0.1/32 port = 23 flags S/SA
|
||||
block in on lo0(!) proto tcp from any to any flags A/FSRPAU
|
||||
pass in on lo0(!) proto tcp from any to any flags /SPA
|
@ -1,2 +0,0 @@
|
||||
pass in proto icmp from 127.0.0.1/32 to 127.0.0.1/32 icmp-type timest
|
||||
block in proto icmp from any to any icmp-type unreach code 1
|
@ -1,5 +0,0 @@
|
||||
pass in from 127.0.0.1/32 to 127.0.0.1/32 with short
|
||||
block in from any to any with ipopt
|
||||
pass in from any to any with opt nop,rr,zsu
|
||||
pass in from any to any with opt nop,rr,zsu not opt lsrr,ssrr
|
||||
pass in from 127.0.0.1/32 to 127.0.0.1/32 with not frag
|
@ -1,37 +1,20 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $NetBSD: hextest,v 1.4 1998/05/29 21:01:46 veego Exp $
|
||||
# $NetBSD: hextest,v 1.5 2000/02/06 13:05:26 veego Exp $
|
||||
#
|
||||
if [ -f /usr/ucb/touch ] ; then
|
||||
TOUCH=/usr/ucb/touch
|
||||
else
|
||||
if [ -f /usr/bin/touch ] ; then
|
||||
TOUCH=/usr/bin/touch
|
||||
else
|
||||
if [ -f /bin/touch ] ; then
|
||||
TOUCH=/bin/touch
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ../ipftest ] ; then
|
||||
IPFTEST=../ipftest
|
||||
else
|
||||
if [ -f /usr/sbin/ipftest ] ; then
|
||||
IPFTEST=/usr/sbin/ipftest
|
||||
else
|
||||
IPFTEST=ipftest
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$1...";
|
||||
/bin/cp /dev/null results/$1
|
||||
( while read rule; do
|
||||
echo "$rule" | $IPFTEST -br - -Hi input/$1 >> results/$1;
|
||||
done ) < regress/$1
|
||||
cmp expected/$1 results/$1
|
||||
echo "$rule" | ipftest -br - -Hi ../../../../dist/ipf/test/input/$1 >> results/$1;
|
||||
if [ $? -ne 0 ] ; then
|
||||
exit 1;
|
||||
fi
|
||||
echo "--------" >> results/$1
|
||||
done ) < ../../../../dist/ipf/test/regress/$1
|
||||
cmp ../../../../dist/ipf/test/expected/$1 results/$1
|
||||
status=$?
|
||||
if [ $status = 0 ] ; then
|
||||
$TOUCH $1
|
||||
touch $1
|
||||
fi
|
||||
exit $status
|
||||
|
@ -1,4 +0,0 @@
|
||||
in 127.0.0.1 127.0.0.1
|
||||
in 1.1.1.1 1.2.1.1
|
||||
out 127.0.0.1 127.0.0.1
|
||||
out 1.1.1.1 1.2.1.1
|
@ -1,6 +0,0 @@
|
||||
in 1.1.1.1 2.1.1.1 opt lsrr
|
||||
in 1.1.1.1 2.1.1.1
|
||||
in 1.1.1.1 2.1.1.1 opt ts
|
||||
in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
|
||||
in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
|
||||
in 1.1.1.1 2.1.1.1 opt sec
|
@ -1,11 +0,0 @@
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 S
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e1 tcp 2.1.2.2,23 1.1.1.1,1 A
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 F
|
||||
in on e0 tcp 1.1.1.1,1 2.1.2.2,23 A
|
||||
in on e0 tcp 1.1.1.1,2 2.1.2.2,23 A
|
||||
in on e1 udp 1.1.1.1,1 4.4.4.4,53
|
||||
in on e1 udp 2.2.2.2,2 4.4.4.4,53
|
||||
in on e0 udp 4.4.4.4,53 1.1.1.1,1
|
||||
in on e0 udp 4.4.4.4,1023 1.1.1.1,2049
|
||||
in on e0 udp 4.4.4.4,2049 1.1.1.1,1023
|
@ -1,35 +0,0 @@
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF SYN
|
||||
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000 00000000 50 02 2000 0000 0000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF ACK
|
||||
45 00 0028 0000 4000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000 00000000 50 10 2000 0000 0000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 ACK
|
||||
45 00 0028 0000 6000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000 00000000 50 10 2000 0000 0000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
|
||||
45 00 001c 0000 6000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000
|
||||
|
||||
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 ACK
|
||||
45 00 001c 0000 6001 3f 06 0000 01010101 02010101
|
||||
00000000 50 10 2000
|
||||
|
||||
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
|
||||
45 00 0014 0000 6000 3f 11 0000 01010101 02010101
|
||||
|
||||
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
|
||||
45 00 0018 0000 2000 3f 11 0000 01010101 02010101
|
||||
0035 0035
|
||||
|
||||
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
|
||||
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
|
||||
0001 0001 0004 0000
|
||||
|
||||
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
|
||||
45 00 001c 0000 2000 3f 11 0000 01010101 02010101
|
||||
0035 0035 0004 0000
|
||||
|
@ -1,39 +0,0 @@
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF,MF,FO=0 SYN
|
||||
45 00 0028 0001 4000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000 00000000 50 02 2000 0000 0000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP MF ACK
|
||||
45 00 0024 0002 2000 3f 06 0000 01010101 02010101
|
||||
0401001900000000 0000000050102000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP FO=2 ACK
|
||||
45 00 002c 0002 0002 3f 06 0000 01010101 02010101
|
||||
0000000000010203 0405060708090a0b 0c0d0e0f10111213
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF MF FO=0 SYN
|
||||
45 00 0028 0003 6000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000 00000000 50 10 2000 0000 0000
|
||||
|
||||
# 1.1.1.1,1025 -> 2.1.1.1,25 TTL=63 TCP DF FO=0
|
||||
45 00 001c 0004 6000 3f 06 0000 01010101 02010101
|
||||
0401 0019 00000000
|
||||
|
||||
# 1.1.1.1 -> 2.1.1.1 TTL=63 TCP DF FO=1 SYN
|
||||
45 00 001c 0005 6001 3f 06 0000 01010101 02010101
|
||||
00000000 50 10 2000
|
||||
|
||||
# 1.1.1.1 -> 2.1.1.1 TTL=63 UDP DF MF FO=0
|
||||
45 00 0014 0006 6000 3f 11 0000 01010101 02010101
|
||||
|
||||
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP MF FO=0
|
||||
45 00 0018 0007 2000 3f 11 0000 01010101 02010101
|
||||
0035 0035
|
||||
|
||||
# 1.1.1.1,1 -> 2.1.1.1,1 TTL=63 UDP MF FO=0
|
||||
45 00 001c 0008 2000 3f 11 0000 01010101 02010101
|
||||
0035003500040000
|
||||
|
||||
# 1.1.1.1,53 -> 2.1.1.1,53 TTL=63 UDP FO=1
|
||||
45 00 001c 0008 0001 3f 11 0000 01010101 02010101
|
||||
0000000000000000
|
||||
|
@ -1,5 +0,0 @@
|
||||
in 127.0.0.1 127.0.0.1
|
||||
in 1.1.1.1 1.2.1.1
|
||||
in 1.1.1.2 1.2.1.1
|
||||
in 1.1.2.2 1.2.1.1
|
||||
in 1.2.2.2 1.2.1.1
|
@ -1,6 +0,0 @@
|
||||
in tcp 127.0.0.1,1 127.0.0.1,21
|
||||
in tcp 1.1.1.1,1 1.2.1.1,21
|
||||
in udp 127.0.0.1,1 127.0.0.1,21
|
||||
in udp 1.1.1.1,1 1.2.1.1,21
|
||||
in icmp 127.0.0.1 127.0.0.1
|
||||
in icmp 1.1.1.1 1.2.1.1
|
@ -1,5 +0,0 @@
|
||||
in 127.0.0.1 127.0.0.1
|
||||
in 1.1.1.1 1.2.1.1
|
||||
in 1.1.1.2 1.2.1.1
|
||||
in 1.1.2.2 1.2.1.1
|
||||
in 1.2.2.2 1.2.1.1
|
@ -1,5 +0,0 @@
|
||||
in 127.0.0.1 127.0.0.1
|
||||
in 1.1.1.1 1.1.1.1
|
||||
in 1.1.1.1 1.1.1.2
|
||||
in 1.1.1.1 1.1.2.2
|
||||
in 1.1.1.1 1.2.2.2
|
@ -1,28 +0,0 @@
|
||||
in tcp 1.1.1.1,0 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,1 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,23 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,21 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,1023 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,1024 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,1025 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,32767 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,32768 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,65535 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,5999 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,6000 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,6009 2.2.2.2,2222
|
||||
in tcp 1.1.1.1,6010 2.2.2.2,2222
|
||||
in udp 1.1.1.1,0 2.2.2.2,2222
|
||||
in udp 1.1.1.1,1 2.2.2.2,2222
|
||||
in udp 1.1.1.1,23 2.2.2.2,2222
|
||||
in udp 1.1.1.1,21 2.2.2.2,2222
|
||||
in udp 1.1.1.1,1023 2.2.2.2,2222
|
||||
in udp 1.1.1.1,1024 2.2.2.2,2222
|
||||
in udp 1.1.1.1,1025 2.2.2.2,2222
|
||||
in udp 1.1.1.1,32767 2.2.2.2,2222
|
||||
in udp 1.1.1.1,32768 2.2.2.2,2222
|
||||
in udp 1.1.1.1,65535 2.2.2.2,2222
|
||||
in udp 1.1.1.1,5999 2.2.2.2,2222
|
||||
in udp 1.1.1.1,6000 2.2.2.2,2222
|
||||
in udp 1.1.1.1,6009 2.2.2.2,2222
|
||||
in udp 1.1.1.1,6010 2.2.2.2,2222
|
@ -1,28 +0,0 @@
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,0
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,1
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,23
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,21
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,1023
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,1024
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,1025
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,32767
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,32768
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,65535
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,5999
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,6000
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,6009
|
||||
in tcp 2.2.2.2,2222 1.1.1.1,6010
|
||||
in udp 2.2.2.2,2222 1.1.1.1,0
|
||||
in udp 2.2.2.2,2222 1.1.1.1,1
|
||||
in udp 2.2.2.2,2222 1.1.1.1,23
|
||||
in udp 2.2.2.2,2222 1.1.1.1,21
|
||||
in udp 2.2.2.2,2222 1.1.1.1,1023
|
||||
in udp 2.2.2.2,2222 1.1.1.1,1024
|
||||
in udp 2.2.2.2,2222 1.1.1.1,1025
|
||||
in udp 2.2.2.2,2222 1.1.1.1,32767
|
||||
in udp 2.2.2.2,2222 1.1.1.1,32768
|
||||
in udp 2.2.2.2,2222 1.1.1.1,65535
|
||||
in udp 2.2.2.2,2222 1.1.1.1,5999
|
||||
in udp 2.2.2.2,2222 1.1.1.1,6000
|
||||
in udp 2.2.2.2,2222 1.1.1.1,6009
|
||||
in udp 2.2.2.2,2222 1.1.1.1,6010
|
@ -1,9 +0,0 @@
|
||||
in icmp 1.1.1.1 2.1.1.1 echo
|
||||
in icmp 1.1.1.1 2.1.1.1 echo,1
|
||||
in icmp 1.1.1.1 2.1.1.1 echo,3
|
||||
in icmp 1.1.1.1 2.1.1.1 unreach
|
||||
in icmp 1.1.1.1 2.1.1.1 unreach,1
|
||||
in icmp 1.1.1.1 2.1.1.1 unreach,3
|
||||
in icmp 1.1.1.1 2.1.1.1 echorep
|
||||
in icmp 1.1.1.1 2.1.1.1 echorep,1
|
||||
in icmp 1.1.1.1 2.1.1.1 echorep,3
|
@ -1,6 +0,0 @@
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 S
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 SA
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 SF
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 SFPAUR
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 PAU
|
||||
in tcp 1.1.1.1,1 2.1.2.2,1 A
|
@ -1,6 +0,0 @@
|
||||
in 1.1.1.1 2.1.1.1 opt lsrr
|
||||
in 1.1.1.1 2.1.1.1 opt lsrr,ssrr
|
||||
in 1.1.1.1 2.1.1.1 opt ts
|
||||
in 1.1.1.1 2.1.1.1 opt sec-class=topsecret
|
||||
in 1.1.1.1 2.1.1.1 opt ssrr,sec-class=topsecret
|
||||
in 1.1.1.1 2.1.1.1 opt sec
|
@ -1,35 +1,14 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $NetBSD: itest,v 1.4 1998/05/29 21:01:47 veego Exp $
|
||||
# $NetBSD: itest,v 1.5 2000/02/06 13:05:27 veego Exp $
|
||||
#
|
||||
if [ -f /usr/ucb/touch ] ; then
|
||||
TOUCH=/usr/ucb/touch
|
||||
else
|
||||
if [ -f /usr/bin/touch ] ; then
|
||||
TOUCH=/usr/bin/touch
|
||||
else
|
||||
if [ -f /bin/touch ] ; then
|
||||
TOUCH=/bin/touch
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ../ipf ] ; then
|
||||
IPF=../ipf
|
||||
else
|
||||
if [ -f /usr/sbin/ipf ] ; then
|
||||
IPF=/usr/sbin/ipf
|
||||
else
|
||||
IPF=ipf
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "$1...";
|
||||
/bin/cp /dev/null results/$1
|
||||
$IPF -nvf regress/$1 2>/dev/null > results/$1
|
||||
cmp expected/$1 results/$1
|
||||
ipf -nvf ../../../../dist/ipf/test/regress/$1 2>/dev/null > results/$1
|
||||
cmp ../../../../dist/ipf/test/expected/$1 results/$1
|
||||
status=$?
|
||||
if [ $status = 0 ] ; then
|
||||
$TOUCH $1
|
||||
touch $1
|
||||
fi
|
||||
exit $status
|
||||
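Review bot: `ipf -nvf ... 2>/dev/null > results/$1` discards ipf's diagnostics and never looks at its exit status, so a rule file that ipf rejects surfaces only as a `cmp` mismatch with nothing to say why. Keep stderr for the failure case, for instance `2> results/$1.err`, and print it when `cmp` fails. The `/bin/cp /dev/null results/$1` just above is redundant given the `>` redirection.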
|
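--- a/usr.sbin/ipf/ipftest/test/nattest
+++ b/usr.sbin/ipf/ipftest/test/nattest
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $NetBSD: nattest,v 1.1 2000/02/06 13:05:27 veego Exp $
+#
+
+echo "$1...";
+/bin/cp /dev/null results/$1
+( while read rule; do
+echo "$rule" | ipftest -Nbr - -i ../../../../dist/ipf/test/input/$1 >> results/$1;
+if [ $? -ne 0 ] ; then
+exit 1;
+fi
+echo "-------------------------------" >> results/$1
+done ) < ../../../../dist/ipf/test/regress/$1
+cmp ../../../../dist/ipf/test/expected/$1 results/$1
+status=$?
+if [ $status = 0 ] ; then
+touch $1
+fi
+exit $status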
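Review bot: nattest is a copy of dotest with only the ipftest flags (`-Nbr` instead of `-br`) and the separator string changed, so any fix to the loop has to be made in three scripts (hextest is the third). A single script that takes the flags and separator as arguments would keep them in step. The file also has no comment saying what `$1` is or which directories it touches; a line such as `# usage: nattest <test-name>; reads regress/, input/ and expected/ under dist/ipf/test, writes results/<test-name>` would help.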
|
@ -1,4 +0,0 @@
|
||||
block in all
|
||||
pass in all
|
||||
block out all
|
||||
pass out all
|
@ -1,18 +0,0 @@
|
||||
block in from any to any with not ipopts
|
||||
pass in from any to any with not opt sec-class topsecret
|
||||
block in from any to any with not opt ssrr,sec-class topsecret
|
||||
pass in from any to any with not opt ssrr,sec-class topsecret
|
||||
block in from any to any with not opt ts,sec-class topsecret
|
||||
pass in from any to any with not opt ts,sec-class topsecret
|
||||
block in from any to any with not opt sec-class secret
|
||||
pass in from any to any with not opt sec-class secret
|
||||
block in from any to any with not opt lsrr,ssrr
|
||||
pass in from any to any with not opt lsrr,ssrr
|
||||
pass in from any to any with not ipopts
|
||||
block in from any to any with not opt lsrr
|
||||
pass in from any to any with not opt lsrr
|
||||
block in from any to any with not opt ssrr,ts
|
||||
pass in from any to any with not opt ssrr,ts
|
||||
block in from any to any with not opt rr
|
||||
pass in from any to any with not opt rr
|
||||
block in from any to any with not opt sec-class topsecret
|
@ -1,6 +0,0 @@
|
||||
pass in proto tcp from any to any port = 23 flags S/SA keep state
|
||||
block in proto tcp from any to any port = 23 flags S/SA keep state
|
||||
pass in proto udp from any to any port = 53 keep frags
|
||||
block in proto udp from any to any port = 53 keep frags
|
||||
pass in proto udp from any to any port = 53 keep state
|
||||
block in proto udp from any to any port = 53 keep state
|
@ -1,6 +0,0 @@
|
||||
pass in proto tcp from any port > 1024 to any port = 25 with not short
|
||||
pass in proto tcp from any port > 1024 to any port = 25
|
||||
block in proto tcp from any to any with short
|
||||
block in proto tcp from any to any with frag
|
||||
pass in proto udp from any port = 53 to any port = 53
|
||||
block in proto udp from any port = 53 to any port = 53 with not short
|
@ -1,6 +0,0 @@
|
||||
pass in proto tcp from any to any port = 25 flags S/SA keep frags
|
||||
block in proto tcp from any to any port = 25 flags S/SA keep frags
|
||||
pass in proto udp from any to any port = 53 keep frags
|
||||
block in proto udp from any to any port = 53 keep frags
|
||||
pass in proto tcp from any to any port = 25 flags S/SA keep state keep frags
|
||||
block in proto tcp from any to any port = 25 flags S/SA keep state keep frags
|
@ -1,8 +0,0 @@
|
||||
block in from !1.1.1.1 to any
|
||||
pass in from 1.1.1.1 to !any
|
||||
block in from 1.1.1.1/24 to !any
|
||||
pass in from !1.1.1.1/24 to any
|
||||
block in from !1.1.1.1/16 to any
|
||||
pass in from 1.1.1.1/16 to !any
|
||||
block in from 1.1.1.1/0 to !any
|
||||
pass in from !1.1.1.1/0 to any
|
@ -1,6 +0,0 @@
|
||||
block in proto tcp from any to any
|
||||
pass in proto tcp from any to any
|
||||
block in proto udp from any to any
|
||||
pass in proto udp from any to any
|
||||
block in proto icmp from any to any
|
||||
pass in proto icmp from any to any
|
@ -1,8 +0,0 @@
|
||||
block in from 1.1.1.1 to any
|
||||
pass in from 1.1.1.1 to any
|
||||
block in from 1.1.1.1/24 to any
|
||||
pass in from 1.1.1.1/24 to any
|
||||
block in from 1.1.1.1/16 to any
|
||||
pass in from 1.1.1.1/16 to any
|
||||
block in from 1.1.1.1/0 to any
|
||||
pass in from 1.1.1.1/0 to any
|
@ -1,8 +0,0 @@
|
||||
block in from any to 1.1.1.1
|
||||
pass in from any to 1.1.1.1
|
||||
block in from any to 1.1.1.1/24
|
||||
pass in from any to 1.1.1.1/24
|
||||
block in from any to 1.1.1.1/16
|
||||
pass in from any to 1.1.1.1/16
|
||||
block in from any to 1.1.1.1/0
|
||||
pass in from any to 1.1.1.1/0
|
@ -1,48 +0,0 @@
|
||||
block in proto tcp from any port = 23 to any
|
||||
block in proto udp from any port = 23 to any
|
||||
block in proto tcp/udp from any port = 23 to any
|
||||
pass in proto tcp from any port <= 1023 to any
|
||||
pass in proto udp from any port <= 1023 to any
|
||||
pass in proto tcp/udp from any port <= 1023 to any
|
||||
block in proto tcp from any port >= 1024 to any
|
||||
block in proto udp from any port >= 1024 to any
|
||||
block in proto tcp/udp from any port >= 1024 to any
|
||||
pass in proto tcp from any port >= 1024 to any
|
||||
pass in proto udp from any port >= 1024 to any
|
||||
pass in proto tcp/udp from any port >= 1024 to any
|
||||
block in proto tcp from any port 0 >< 512 to any
|
||||
block in proto udp from any port 0 >< 512 to any
|
||||
block in proto tcp/udp from any port 0 >< 512 to any
|
||||
pass in proto tcp from any port 0 >< 512 to any
|
||||
pass in proto udp from any port 0 >< 512 to any
|
||||
pass in proto tcp/udp from any port 0 >< 512 to any
|
||||
block in proto tcp from any port 6000 <> 6009 to any
|
||||
block in proto udp from any port 6000 <> 6009 to any
|
||||
block in proto tcp/udp from any port 6000 <> 6009 to any
|
||||
pass in proto tcp from any port 6000 <> 6009 to any
|
||||
pass in proto udp from any port 6000 <> 6009 to any
|
||||
pass in proto tcp/udp from any port 6000 <> 6009 to any
|
||||
pass in proto tcp from any port = 23 to any
|
||||
pass in proto udp from any port = 23 to any
|
||||
pass in proto tcp/udp from any port = 23 to any
|
||||
block in proto tcp from any port != 21 to any
|
||||
block in proto udp from any port != 21 to any
|
||||
block in proto tcp/udp from any port != 21 to any
|
||||
pass in proto tcp from any port != 21 to any
|
||||
pass in proto udp from any port != 21 to any
|
||||
pass in proto tcp/udp from any port != 21 to any
|
||||
block in proto tcp from any port < 1024 to any
|
||||
block in proto udp from any port < 1024 to any
|
||||
block in proto tcp/udp from any port < 1024 to any
|
||||
pass in proto tcp from any port < 1024 to any
|
||||
pass in proto udp from any port < 1024 to any
|
||||
pass in proto tcp/udp from any port < 1024 to any
|
||||
block in proto tcp from any port > 1023 to any
|
||||
block in proto udp from any port > 1023 to any
|
||||
block in proto tcp/udp from any port > 1023 to any
|
||||
pass in proto tcp from any port > 1023 to any
|
||||
pass in proto udp from any port > 1023 to any
|
||||
pass in proto tcp/udp from any port > 1023 to any
|
||||
block in proto tcp from any port <= 1023 to any
|
||||
block in proto udp from any port <= 1023 to any
|
||||
block in proto tcp/udp from any port <= 1023 to any
|
@ -1,48 +0,0 @@
|
||||
block in proto tcp from any to any port = 23
|
||||
block in proto udp from any to any port = 23
|
||||
block in proto tcp/udp from any to any port = 23
|
||||
pass in proto tcp from any to any port <= 1023
|
||||
pass in proto udp from any to any port <= 1023
|
||||
pass in proto tcp/udp from any to any port <= 1023
|
||||
block in proto tcp from any to any port >= 1024
|
||||
block in proto udp from any to any port >= 1024
|
||||
block in proto tcp/udp from any to any port >= 1024
|
||||
pass in proto tcp from any to any port >= 1024
|
||||
pass in proto udp from any to any port >= 1024
|
||||
pass in proto tcp/udp from any to any port >= 1024
|
||||
block in proto tcp from any to any port 0 >< 512
|
||||
block in proto udp from any to any port 0 >< 512
|
||||
block in proto tcp/udp from any to any port 0 >< 512
|
||||
pass in proto tcp from any to any port 0 >< 512
|
||||
pass in proto udp from any to any port 0 >< 512
|
||||
pass in proto tcp/udp from any to any port 0 >< 512
|
||||
block in proto tcp from any to any port 6000 <> 6009
|
||||
block in proto udp from any to any port 6000 <> 6009
|
||||
block in proto tcp/udp from any to any port 6000 <> 6009
|
||||
pass in proto tcp from any to any port 6000 <> 6009
|
||||
pass in proto udp from any to any port 6000 <> 6009
|
||||
pass in proto tcp/udp from any to any port 6000 <> 6009
|
||||
pass in proto tcp from any to any port = 23
|
||||
pass in proto udp from any to any port = 23
|
||||
pass in proto tcp/udp from any to any port = 23
|
||||
block in proto tcp from any to any port != 21
|
||||
block in proto udp from any to any port != 21
|
||||
block in proto tcp/udp from any to any port != 21
|
||||
pass in proto tcp from any to any port != 21
|
||||
pass in proto udp from any to any port != 21
|
||||
pass in proto tcp/udp from any to any port != 21
|
||||
block in proto tcp from any to any port < 1024
|
||||
block in proto udp from any to any port < 1024
|
||||
block in proto tcp/udp from any to any port < 1024
|
||||
pass in proto tcp from any to any port < 1024
|
||||
pass in proto udp from any to any port < 1024
|
||||
pass in proto tcp/udp from any to any port < 1024
|
||||
block in proto tcp from any to any port > 1023
|
||||
block in proto udp from any to any port > 1023
|
||||
block in proto tcp/udp from any to any port > 1023
|
||||
pass in proto tcp from any to any port > 1023
|
||||
pass in proto udp from any to any port > 1023
|
||||
pass in proto tcp/udp from any to any port > 1023
|
||||
block in proto tcp from any to any port <= 1023
|
||||
block in proto udp from any to any port <= 1023
|
||||
block in proto tcp/udp from any to any port <= 1023
|
@ -1,6 +0,0 @@
|
||||
block in proto icmp from any to any icmp-type echo
|
||||
pass in proto icmp from any to any icmp-type echo
|
||||
block in proto icmp from any to any icmp-type unreach code 3
|
||||
pass in proto icmp from any to any icmp-type unreach code 3
|
||||
block in proto icmp from any to any icmp-type echorep
|
||||
pass in proto icmp from any to any icmp-type echorep
|
@ -1,6 +0,0 @@
|
||||
block in proto tcp from any to any flags S
|
||||
pass in proto tcp from any to any flags S
|
||||
block in proto tcp from any to any flags S/SA
|
||||
pass in proto tcp from any to any flags S/SA
|
||||
block in proto tcp from any to any flags S/APU
|
||||
pass in proto tcp from any to any flags S/APU
|
@ -1,18 +0,0 @@
|
||||
block in from any to any with ipopts
|
||||
pass in from any to any with opt sec-class topsecret
|
||||
block in from any to any with opt ssrr,sec-class topsecret
|
||||
pass in from any to any with opt ssrr,sec-class topsecret
|
||||
block in from any to any with opt ts,sec-class topsecret
|
||||
pass in from any to any with opt ts,sec-class topsecret
|
||||
block in from any to any with opt sec-class secret
|
||||
pass in from any to any with opt sec-class secret
|
||||
block in from any to any with opt lsrr,ssrr
|
||||
pass in from any to any with opt lsrr,ssrr
|
||||
pass in from any to any with ipopts
|
||||
block in from any to any with opt lsrr
|
||||
pass in from any to any with opt lsrr
|
||||
block in from any to any with opt ssrr,ts
|
||||
pass in from any to any with opt ssrr,ts
|
||||
block in from any to any with opt rr
|
||||
pass in from any to any with opt rr
|
||||
block in from any to any with opt sec-class topsecret
|
@ -1,13 +0,0 @@
|
||||
pass in all
|
||||
block out all
|
||||
log in all
|
||||
log body in all
|
||||
count in from any to any
|
||||
pass in from !any to any
|
||||
block in from any to !any
|
||||
pass in on ed0 from localhost to localhost
|
||||
block in log first on lo0 from any to any
|
||||
pass in log body quick from any to any
|
||||
block return-rst in quick on le0 proto tcp from any to any
|
||||
block return-icmp in on qe0 from any to any
|
||||
block return-icmp(1) in on qe0 from any to any
|
@ -1,4 +0,0 @@
|
||||
pass in from localhost to localhost with opt sec
|
||||
block in from any to any with not opt sec-class topsecret
|
||||
block in from any to any with not opt sec-class topsecret,secret
|
||||
pass in from any to any with opt sec-class topsecret,confid not opt sec-class unclass
|
@ -1,4 +0,0 @@
|
||||
pass in on ed0 proto tcp from localhost to localhost port = telnet keep state
|
||||
block in log first on lo0 proto tcp/udp from any to any keep state
|
||||
pass in proto udp from localhost to localhost port = 2049 keep frags
|
||||
pass in proto udp from localhost to localhost port = 53 keep state keep frags
|
@ -1,6 +0,0 @@
|
||||
log in proto tcp all
|
||||
pass in proto 6 from any to any
|
||||
pass in proto udp from localhost to localhost
|
||||
block in proto 17 from any to any
|
||||
block in proto 250 from any to any
|
||||
pass in proto tcp/udp from any to any
|
@ -1,8 +0,0 @@
|
||||
log in all
|
||||
pass in from 128.0.0.1/24 to 128.0.0.1/16
|
||||
pass in from 128.0.0.1/0xffffff00 to 128.0.0.1/0xffff0000
|
||||
pass in from 128.0.0.1/255.255.255.0 to 128.0.0.1/255.255.0.0
|
||||
pass in from 128.0.0.1 mask 0xffffff00 to 128.0.0.1 mask 0xffff0000
|
||||
pass in from 128.0.0.1 mask 255.255.255.0 to 128.0.0.1 mask 255.255.0.0
|
||||
pass in from localhost to localhost
|
||||
block in log from 0/0 to 0/0
|
@ -1,7 +0,0 @@
|
||||
log in proto tcp from any port > 0 to any
|
||||
log in proto tcp from any to any port > 0
|
||||
pass in proto 6 from any port != 0 to any port 0 >< 65535
|
||||
pass in proto 17 from localhost port > 32000 to localhost port < 29000
|
||||
block in proto udp from any port != ntp to any port < ntp
|
||||
block in proto tcp from any port = smtp to any port > 25
|
||||
pass in proto tcp/udp from any port 1 >< 3 to any port 1 <> 3
|
@ -1,5 +0,0 @@
|
||||
log in all
|
||||
count in tos 0x80 from any to any
|
||||
pass in on ed0 tos 64 from localhost to localhost
|
||||
block in log on lo0 ttl 0 from any to any
|
||||
pass in quick ttl 1 from any to any
|
@ -1,4 +0,0 @@
|
||||
pass in on lo0 fastroute from any to any
|
||||
pass in on lo0 dup-to qe0 from localhost to localhost
|
||||
pass in on qe0 dup-to qe0:127.0.0.1 from localhost to localhost
|
||||
block in quick on qe0 to qe1 from any to any
|
@ -1,3 +0,0 @@
|
||||
pass in on ed0 proto tcp from localhost to localhost port = 23 flags S/SA
|
||||
block in on lo0 proto tcp from any to any flags A
|
||||
pass in on lo0 proto tcp from any to any flags /SAP
|
@ -1,2 +0,0 @@
|
||||
pass in proto icmp from localhost to localhost icmp-type timest
|
||||
block in proto icmp from any to any icmp-type unreach code 1
|
@ -1,5 +0,0 @@
|
||||
pass in from localhost to localhost with short
|
||||
block in from any to any with ipopts
|
||||
pass in from any to any with opt nop,rr,zsu
|
||||
pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr
|
||||
pass in from localhost to localhost with not frag
|