@tandyuk tandyuk/ifconfig Secret
Created Oct 5, 2015

sge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c0098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
ether 00:1c:25:4d:f7:7d
inet6 fe80::21c:25ff:fe4d:f77d%sge0 prefixlen 64 scopeid 0x1
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:02:a5:4f:2a:81
inet6 fe80::202:a5ff:fe4f:2a81%em0 prefixlen 64 scopeid 0x2
inet 192.168.65.1 netmask 0xfffffc00 broadcast 192.168.67.255
inet6 2a02:13a0:a006:1:: prefixlen 64
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=98<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:02:a5:4f:2a:80
inet6 fe80::202:a5ff:fe4f:2a80%em1 prefixlen 64 scopeid 0x3
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=82098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0 prefixlen 64 scopeid 0x4
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
pflog0: flags=100<PROMISC> metric 0 mtu 33144
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 224.0.0.240 maxupd: 128 defer: on
syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re0_vlan90: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan90 prefixlen 64 scopeid 0x9
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2a02:13a0:a006:2:: prefixlen 64
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 90 vlanpcp: 0 parent interface: re0
re0_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan1 prefixlen 64 scopeid 0xa
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 1 vlanpcp: 0 parent interface: re0
re0_vlan99: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan99 prefixlen 64 scopeid 0xb
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 99 vlanpcp: 0 parent interface: re0
re0_vlan64: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan64 prefixlen 64 scopeid 0xc
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 64 vlanpcp: 0 parent interface: re0
re0_vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan20 prefixlen 64 scopeid 0xd
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 20 vlanpcp: 0 parent interface: re0
re0_vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 48:02:2a:07:35:d5
inet6 fe80::4a02:2aff:fe07:35d5%re0_vlan30 prefixlen 64 scopeid 0xe
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex,master>)
status: active
vlan: 30 vlanpcp: 0 parent interface: re0
pppoe1: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
inet6 fe80::690c:9f06:e150:b71f%pppoe1 prefixlen 64 scopeid 0xf
inet 87.252.44.195 --> 212.42.162.226 netmask 0xffffffff
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pptpd0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd1: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd2: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd3: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd4: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd5: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd6: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd7: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd8: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd9: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd10: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd11: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd12: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd13: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd14: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
pptpd15: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
scrub from any to <vpn_networks> max-mss 1300 fragment reassemble
scrub from <vpn_networks> to any max-mss 1300 fragment reassemble
scrub on pppoe1 all random-id fragment reassemble
scrub on em0 all random-id fragment reassemble
scrub on re0_vlan90 all random-id fragment reassemble
scrub on em1 all random-id fragment reassemble
anchor "relayd/*" all
anchor "openvpn/*" all
anchor "ipsec/*" all
block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
block drop in log inet all label "Default deny rule IPv4"
block drop out log inet all label "Default deny rule IPv4"
block drop in log inet6 all label "Default deny rule IPv6"
block drop out log inet6 all label "Default deny rule IPv6"
pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick from <snort2c> to any label "Block snort2c hosts"
block drop log quick from any to <snort2c> label "Block snort2c hosts"
block drop in log quick proto tcp from <sshlockout> to (self) port = ssh label "sshlockout"
block drop in log quick proto tcp from <webConfiguratorlockout> to (self) port = https label "webConfiguratorlockout"
block drop in log quick from <virusprot> to any label "virusprot overload table"
pass in quick on pppoe1 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
pass in quick on pppoe1 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
pass out quick on pppoe1 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN"
block drop in log quick on pppoe1 from <bogons> to any label "block bogon IPv4 networks from WAN"
block drop in log quick on pppoe1 from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
block drop in log on ! pppoe1 inet from 87.252.44.195 to any
block drop in log inet from 87.252.44.195 to any
block drop in log on pppoe1 inet6 from fe80::690c:9f06:e150:b71f to any
block drop in log on ! em0 inet6 from 2a02:13a0:a006:1::/64 to any
block drop in log on em0 inet6 from fe80::202:a5ff:fe4f:2a81 to any
block drop in log inet6 from 2a02:13a0:a006:1:: to any
block drop in log on ! em0 inet from 192.168.64.0/22 to any
block drop in log inet from 192.168.65.1 to any
pass in quick on em0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in quick on em0 inet proto udp from any port = bootpc to 192.168.65.1 port = bootps keep state label "allow access to DHCP server"
pass out quick on em0 inet proto udp from 192.168.65.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass quick on em0 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on em0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on em0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass quick on em0 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass in quick on em0 inet6 proto udp from fe80::/10 to 2a02:13a0:a006:1:: port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass out quick on em0 inet6 proto udp from 2a02:13a0:a006:1:: port = dhcpv6-server to fe80::/10 keep state label "allow access to DHCPv6 server"
block drop in log on ! re0_vlan90 inet6 from 2a02:13a0:a006:2::/64 to any
block drop in log on re0_vlan90 inet6 from fe80::4a02:2aff:fe07:35d5 to any
block drop in log inet6 from 2a02:13a0:a006:2:: to any
block drop in log on ! re0_vlan90 inet from 10.0.0.0/24 to any
block drop in log inet from 10.0.0.1 to any
pass in quick on re0_vlan90 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in quick on re0_vlan90 inet proto udp from any port = bootpc to 10.0.0.1 port = bootps keep state label "allow access to DHCP server"
pass out quick on re0_vlan90 inet proto udp from 10.0.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass quick on re0_vlan90 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on re0_vlan90 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on re0_vlan90 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass quick on re0_vlan90 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass in quick on re0_vlan90 inet6 proto udp from fe80::/10 to 2a02:13a0:a006:2:: port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass out quick on re0_vlan90 inet6 proto udp from 2a02:13a0:a006:2:: port = dhcpv6-server to fe80::/10 keep state label "allow access to DHCPv6 server"
block drop in log on ! em1 inet from 192.168.1.0/24 to any
block drop in log inet from 192.168.1.1 to any
block drop in log on em1 inet6 from fe80::202:a5ff:fe4f:2a80 to any
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
pass out route-to (pppoe1 212.42.162.226) inet from 87.252.44.195 to ! 87.252.44.195 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out on enc0 all flags S/SA keep state label "IPsec internal host to host"
pass in quick on em0 proto tcp from any to (em0) port = https flags S/SA keep state label "anti-lockout rule"
pass in quick on em0 proto tcp from any to (em0) port = http flags S/SA keep state label "anti-lockout rule"
pass in quick on em0 proto tcp from any to (em0) port = ssh flags S/SA keep state label "anti-lockout rule"
pass in on pppoe1 inet proto tcp from any to 87.252.44.195 port = pptp flags S/SA modulate state label "allow pptpd 87.252.44.195"
pass in on pppoe1 proto gre all keep state label "allow gre pptpd"
pass in inet all flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" tagged PFREFLECT
anchor "userrules/*" all
pass log on pppoe1 inet6 all flags S/SA keep state label "USER_RULE"
pass log on em0 inet6 all flags S/SA keep state label "USER_RULE"
pass log on re0_vlan90 inet6 all flags S/SA keep state label "USER_RULE"
pass on em0 inet proto tcp from any to 78.32.215.197 flags S/SA keep state label "USER_RULE"
pass on pppoe1 inet proto tcp from any to 78.32.215.197 flags S/SA keep state label "USER_RULE"
pass on re0_vlan90 inet proto tcp from any to 78.32.215.197 flags S/SA keep state label "USER_RULE"
pass in quick on enc0 inet from 192.168.7.0/24 to any flags S/SA keep state label "USER_RULE: TopClass"
pass in quick on enc0 inet from 192.168.53.0/24 to 192.168.64.0/22 flags S/SA keep state label "USER_RULE: Shakespeare Road"
pass in quick on enc0 inet from 192.168.75.0/24 to 192.168.64.0/22 flags S/SA keep state label "USER_RULE: Rixon"
pass in quick on enc0 inet from 192.168.13.0/24 to 192.168.64.0/22 flags S/SA keep state label "USER_RULE: Office"
pass in quick on enc0 inet from 192.168.48.0/24 to 192.168.64.0/22 flags S/SA keep state label "USER_RULE: BlueRooms"
pass in quick on enc0 inet from 192.168.2.0/24 to any flags S/SA keep state label "USER_RULE: Dad"
pass in quick on pptp inet all flags S/SA keep state label "USER_RULE: PPTP Clients"
pass in log quick on pppoe1 reply-to (sge0 fe80::f2f7:55ff:fe0c:5700) inet6 all flags S/SA keep state label "USER_RULE"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet from any to 78.32.215.197 flags S/SA keep state label "USER_RULE"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from <EntaVOIP> to 192.168.64.0/22 flags S/SA keep state label "USER_RULE"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from <EntaVOIP> to 192.168.64.0/22 keep state label "USER_RULE"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from 109.169.6.123 to 87.252.44.195 port = snmp flags S/SA keep state label "USER_RULE: Allow Observium"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 109.169.6.123 to 87.252.44.195 port = snmp keep state label "USER_RULE: Allow Observium"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto icmp from any to 87.252.44.195 keep state label "USER_RULE: allow inbound ping"
pass in quick on pppoe1 reply-to (sge0 fe80::f2f7:55ff:fe0c:5700) inet6 proto ipv6-icmp all keep state label "USER_RULE: allow inbound icmpv6"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port 26999 >< 27031 keep state label "USER_RULE: NAT NAT Steam Client UDP"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from any to 192.168.65.95 port 27013 >< 27051 flags S/SA keep state label "USER_RULE: NAT NAT Steam Downloads TCP"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from 109.169.6.123 to 192.168.65.252 port = snmp flags S/SA keep state label "USER_RULE: NAT SNMP for procurve"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 109.169.6.123 to 192.168.65.252 port = snmp keep state label "USER_RULE: NAT SNMP for procurve"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from any to 192.168.65.221 port = 32400 flags S/SA keep state label "USER_RULE: NAT PLEX"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.221 port = 32400 keep state label "USER_RULE: NAT PLEX"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from any to 192.168.65.86 port = 32400 flags S/SA keep state label "USER_RULE: NAT PLEX DEVEL"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.86 port = 32400 keep state label "USER_RULE: NAT PLEX DEVEL"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port = 6672 keep state label "USER_RULE: NAT NAT GTAV Client UDP"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port 61454 >< 61459 keep state label "USER_RULE: NAT NAT GTAV Client UDP"
pass in quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port = 3074 keep state label "USER_RULE: NAT aNNO"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port 7776 >< 7784 keep state label "USER_RULE: NAT NAT ark Client UDP"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from any to 192.168.65.95 port 7776 >< 7784 flags S/SA keep state label "USER_RULE: NAT NAT ark Client tcp"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from any to 192.168.65.95 port = 25147 keep state label "USER_RULE: NAT NAT ark Client UDP"
pass in log quick on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto tcp from any to 192.168.65.95 port = 25147 flags S/SA keep state label "USER_RULE: NAT NAT ark Client TCP"
pass in quick on em0 inet proto tcp from 192.168.65.97 to any flags S/SA keep state label "USER_RULE"
pass in quick on em0 inet proto udp from 192.168.65.97 to any keep state label "USER_RULE"
pass in quick on em0 all flags S/SA keep state label "USER_RULE: Default LAN -> any"
pass in log quick on em0 inet6 all flags S/SA keep state label "USER_RULE: Default LAN -> any"
pass in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.64.0/22 flags S/SA keep state label "USER_RULE: allow phone"
pass in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.64.0/22 keep state label "USER_RULE: allow phone"
pass in quick on re0_vlan90 inet proto tcp from 10.0.0.3 to any flags S/SA keep state label "USER_RULE: allow phone"
pass in quick on re0_vlan90 inet proto udp from 10.0.0.3 to any keep state label "USER_RULE: allow phone"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.13.0/24 label "USER_RULE: Block wifi from accessing Office"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.13.0/24 label "USER_RULE: Block wifi from accessing Office"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.48.0/24 label "USER_RULE: Block wifi from accessing Michaels"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.48.0/24 label "USER_RULE: Block wifi from accessing Michaels"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.2.0/24 label "USER_RULE: Block wifi from accessing Dads"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.2.0/24 label "USER_RULE: Block wifi from accessing Dads"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.7.0/24 label "USER_RULE: Block wifi from accessing Topclass"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.7.0/24 label "USER_RULE: Block wifi from accessing Topclass"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.53.0/24 label "USER_RULE: Block wifi from accessing Frans"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.53.0/24 label "USER_RULE: Block wifi from accessing Frans"
block drop in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to 192.168.75.0/24 label "USER_RULE: Block wifi from accessing Rixons"
block drop in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to 192.168.75.0/24 label "USER_RULE: Block wifi from accessing Rixons"
pass in quick on re0_vlan90 inet proto tcp from 10.0.0.0/24 to any flags S/SA keep state label "USER_RULE: Allow wifi"
pass in quick on re0_vlan90 inet proto udp from 10.0.0.0/24 to any keep state label "USER_RULE: Allow wifi"
pass in log quick on re0_vlan90 inet6 proto tcp from 2a02:13a0:a006:2::/64 to any flags S/SA keep state label "USER_RULE: Allow wifi"
pass in log quick on re0_vlan90 inet6 proto udp from 2a02:13a0:a006:2::/64 to any keep state label "USER_RULE: Allow wifi"
pass in quick on re0_vlan90 inet proto icmp from 10.0.0.0/24 to any keep state label "USER_RULE: Allow WIFI ICMP"
pass in quick on re0_vlan90 inet6 proto ipv6-icmp from 2a02:13a0:a006:2::/64 to any keep state label "USER_RULE: Allow WIFI ICMP"
pass in log quick on em1 all flags S/SA keep state label "USER_RULE"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 82.148.44.156 port = isakmp keep state label "IPsec: Karl - outbound isakmp"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 82.148.44.156 to any port = isakmp keep state label "IPsec: Karl - inbound isakmp"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 82.148.44.156 port = sae-urn keep state label "IPsec: Karl - outbound nat-t"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 82.148.44.156 to any port = sae-urn keep state label "IPsec: Karl - inbound nat-t"
pass out route-to (pppoe1 212.42.162.226) inet proto esp from any to 82.148.44.156 keep state label "IPsec: Karl - outbound esp proto"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto esp from 82.148.44.156 to any keep state label "IPsec: Karl - inbound esp proto"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 86.186.128.15 port = isakmp keep state label "IPsec: Michael - outbound isakmp"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 86.186.128.15 to any port = isakmp keep state label "IPsec: Michael - inbound isakmp"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 86.186.128.15 port = sae-urn keep state label "IPsec: Michael - outbound nat-t"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 86.186.128.15 to any port = sae-urn keep state label "IPsec: Michael - inbound nat-t"
pass out route-to (pppoe1 212.42.162.226) inet proto esp from any to 86.186.128.15 keep state label "IPsec: Michael - outbound esp proto"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto esp from 86.186.128.15 to any keep state label "IPsec: Michael - inbound esp proto"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 87.252.44.179 port = isakmp keep state label "IPsec: Rixon - outbound isakmp"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 87.252.44.179 to any port = isakmp keep state label "IPsec: Rixon - inbound isakmp"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 87.252.44.179 port = sae-urn keep state label "IPsec: Rixon - outbound nat-t"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 87.252.44.179 to any port = sae-urn keep state label "IPsec: Rixon - inbound nat-t"
pass out route-to (pppoe1 212.42.162.226) inet proto esp from any to 87.252.44.179 keep state label "IPsec: Rixon - outbound esp proto"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto esp from 87.252.44.179 to any keep state label "IPsec: Rixon - inbound esp proto"
pass out route-to (pppoe1 212.42.162.226) inet proto udp from any to 82.148.44.157 port = isakmp keep state label "IPsec: Dad - outbound isakmp"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto udp from 82.148.44.157 to any port = isakmp keep state label "IPsec: Dad - inbound isakmp"
pass out route-to (pppoe1 212.42.162.226) inet proto esp from any to 82.148.44.157 keep state label "IPsec: Dad - outbound esp proto"
pass in on pppoe1 reply-to (pppoe1 212.42.162.226) inet proto esp from 82.148.44.157 to any keep state label "IPsec: Dad - inbound esp proto"
anchor "tftp-proxy/*" all
anchor "miniupnpd" all