d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7d0368ee34
freebsd-dev/sbin/pfctl/tests/files/pf0007.ok
Kristof Provost 4d7709ddf6 pfctl parser tests 
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correctness of its output. We have also added some new tests using the same
format.

The tests consist of a collection of input files (pf*.in) and
corresponding output files (pf*.ok). We run pfctl -nv on the input
files and check that the output matches the output files. If any
discrepancy is discovered during future development in the source
tree, we know that a regression bug has been introduced into the tree.

Submitted by:	paggas
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D11322
2017-07-15 19:22:01 +00:00

28 lines
1.7 KiB
Plaintext
Raw Blame History

block drop out log on tun1000000 all
block drop in log on tun1000000 all
block return-rst out log on tun1000000 proto tcp all
block return-rst in log on tun1000000 proto tcp all
block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
block drop in quick on tun1000000 inet from any to 255.255.255.255
block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
block drop in log quick on tun1000000 inet from 255.255.255.255 to any
pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
pass out on tun1000000 proto udp all keep state
pass in on tun1000000 proto udp from any to any port = domain keep state
pass out on tun1000000 proto tcp all flags S/SA modulate state
pass in on tun1000000 proto tcp all flags S/SA modulate state
pass in on tun1000000 proto udp all keep state
pass in on tun1000000 proto icmp all keep state
pass in on tun1000000 proto udp all keep state
pass in on tun1000000 proto tcp all flags S/SA synproxy state
pass in on tun1000000 proto icmp all keep state
pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
Reference in New Issue View Git Blame Copy Permalink