@0(0) scrub on em0 all max-mss 960 fragment reassemble [ Evaluations: 2116 Packets: 1832 Bytes: 104244 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671789312] @1(0) scrub on em1 all fragment reassemble [ Evaluations: 284 Packets: 276 Bytes: 38577 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671789336] @0(0) anchor "relayd/*" all [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772888] @1(0) anchor "openvpn/*" all [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772864] @2(0) anchor "ipsec/*" all [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772840] @3(0) block drop in log inet all label "Default deny rule IPv4" [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772816] @4(0) block drop out log inet all label "Default deny rule IPv4" [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772792] @5(0) block drop in log inet6 all label "Default deny rule IPv6" [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772768] @6(0) block drop out log inet6 all label "Default deny rule IPv6" [ Evaluations: 11 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277671772744] @7(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277861557112] @8(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729144] @9(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729240] @10(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277861557088] @11(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277677593352] @12(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277861556336] @13(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277861556528] @14(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913176] @15(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913200] @16(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913224] @17(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729000] @18(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729024] @19(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729048] @20(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729072] @21(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729120] @22(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697729168] @23(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697912920] @24(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697912896] @25(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697912872] @26(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913160] @27(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913136] @28(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697912848] @29(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827832] @30(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827808] @31(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827784] @32(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827760] @33(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827736] @34(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827712] @35(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827688] @36(1000000107) block drop log quick inet proto tcp from any port = 0 to any [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827664] @37(1000000107) block drop log quick inet proto udp from any port = 0 to any [ Evaluations: 73 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827640] @38(1000000108) block drop log quick inet proto tcp from any to any port = 0 [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827616] @39(1000000108) block drop log quick inet proto udp from any to any port = 0 [ Evaluations: 73 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827592] @40(1000000109) block drop log quick inet6 proto tcp from any port = 0 to any [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827568] @41(1000000109) block drop log quick inet6 proto udp from any port = 0 to any [ Evaluations: 60 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827544] @42(1000000110) block drop log quick inet6 proto tcp from any to any port = 0 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827520] @43(1000000110) block drop log quick inet6 proto udp from any to any port = 0 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827496] @44(1000000111) block drop log quick from to any label "Block snort2c hosts" [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827472] @45(1000000112) block drop log quick from any to label "Block snort2c hosts" [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827448] @46(1000000301) block drop in log quick proto tcp from to (self:8) port = ssh label "sshlockout" [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827424] @47(1000000351) block drop in log quick proto tcp from to (self:8) port = https label "webConfiguratorlockout" [ Evaluations: 33 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827400] @48(1000000400) block drop in log quick from to any label "virusprot overload table" [ Evaluations: 45 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827376] @49(1000001561) pass in quick on em0 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN" [ Evaluations: 45 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827352] @50(1000001562) pass in quick on em0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN" [ Evaluations: 13 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827328] @51(1000001563) pass out quick on em0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN" [ Evaluations: 36 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827304] @52(1000001570) block drop in log on ! em0 inet from 192.0.2.0/24 to any [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866360] @53(1000001570) block drop in log inet from 192.0.2.100 to any [ Evaluations: 77 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866336] @54(1000001570) block drop in log on em0 inet6 from fe80::a00:27ff:fe63:a7c8 to any [ Evaluations: 70 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827280] @55(1000001591) pass in on em0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN" [ Evaluations: 13 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697827256] @56(1000001592) pass out on em0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN" [ Evaluations: 36 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866480] @57(1000002620) block drop in log on em1 inet6 from fe80::a00:27ff:fe23:abd3 to any [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866456] @58(1000002620) block drop in log on em1 inet6 from fe80::1:1 to any [ Evaluations: 60 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866432] @59(1000002620) block drop in log on ! em1 inet from 192.168.31.0/24 to any [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866408] @60(1000002620) block drop in log inet from 192.168.31.1 to any [ Evaluations: 70 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866384] @61(1000002641) pass in quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server" [ Evaluations: 45 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866312] @62(1000002642) pass in quick on em1 inet proto udp from any port = bootpc to 192.168.31.1 port = bootps keep state label "allow access to DHCP server" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866288] @63(1000002643) pass out quick on em1 inet proto udp from 192.168.31.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server" [ Evaluations: 40 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866264] @64(1000002661) pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" [ Evaluations: 81 Packets: 8 Bytes: 536 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866240] @65(1000002662) pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback" [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866216] @66(1000002663) pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" [ Evaluations: 12 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866192] @67(1000002664) pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" [ Evaluations: 6 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866168] @68(1000002665) pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself" [ Evaluations: 81 Packets: 70 Bytes: 5309 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866144] @69(1000002666) pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself" [ Evaluations: 36 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277707866120] @70(1000002761) pass out route-to (em0 192.0.2.1) inet from 192.0.2.100 to ! 192.0.2.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself" [ Evaluations: 36 Packets: 166 Bytes: 49657 States: 5 ] [ Inserted: pid 96025 State Creations: 18446735277697913840] @71(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = https flags S/SA keep state label "anti-lockout rule" [ Evaluations: 81 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913816] @72(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = http flags S/SA keep state label "anti-lockout rule" [ Evaluations: 60 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913792] @73(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = ssh flags S/SA keep state label "anti-lockout rule" [ Evaluations: 60 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913768] @74(0) anchor "userrules/*" all [ Evaluations: 21 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913744] @75(0) pass in quick on em1 inet from 192.168.31.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule" [ Evaluations: 21 Packets: 139 Bytes: 42980 States: 4 ] [ Inserted: pid 96025 State Creations: 18446735277697913720] @76(0) pass in quick on em0 reply-to (em0 192.0.2.1) inet all flags S/SA keep state label "USER_RULE: Allow all ipv4 via pfSsh.php" [ Evaluations: 15 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913696] @77(0) pass in quick on em0 inet6 all flags S/SA keep state label "USER_RULE: Allow all ipv6 via pfSsh.php" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913672] @78(0) anchor "tftp-proxy/*" all [ Evaluations: 15 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 96025 State Creations: 18446735277697913648]