NetBSD/usr.sbin/ipf/rules/tcpstate

14 lines
453 B
Plaintext

#
# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
# somewhere, waiting for it.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# allow nameserver queries and replies to pass through, but no other UDP
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all