4d7709ddf6
Copy the most important test cases from OpenBSD's corresponding src/regress/sbin/pfctl, those that run pfctl on a test input file and check correctness of its output. We have also added some new tests using the same format. The tests consist of a collection of input files (pf*.in) and corresponding output files (pf*.ok). We run pfctl -nv on the input files and check that the output matches the output files. If any discrepancy is discovered during future development in the source tree, we know that a regression bug has been introduced into the tree. Submitted by: paggas Sponsored by: Google, Inc (GSoC 2017) Differential Revision: https://reviews.freebsd.org/D11322
17 lines
507 B
Plaintext
17 lines
507 B
Plaintext
block in all
|
|
block in proto tcp all
|
|
block in proto { tcp, udp } all
|
|
|
|
block in from any to any
|
|
block in from 10.0.0.0/8 to any
|
|
block in from ! 10.0.0.0/8 to any
|
|
block in from { 10.0.0.0/8, 172.16.0.0/12 } to any
|
|
|
|
block in proto tcp from any port = ssh to any
|
|
block in proto tcp from any port { ssh, ftp >< 2048, != 1234, >= www } \
|
|
to any port 1024:2048
|
|
|
|
block in proto { tcp, udp } from { 10.0.0.0/8, 172.16.0.0/12 } port { ssh, ftp } \
|
|
to { 192.168.0.0/16, 12.34.56.78 } port { 6667, 6668, 6669:65535 }
|
|
|