Project

General

Profile

Download (27.8 KB)

Bug #9615 » FW-Rules-Redacted.txt

Firewall rules (verbose) - Benjamin Lee, 04/24/2020 01:03 PM

 
1 
@0(0) scrub on igb0 all fragment reassemble
2 
  [ Evaluations: 258109    Packets: 106022    Bytes: 11452982    States: 0     ]
3 
  [ Inserted: pid 6126 State Creations: 0     ]
4 
@1(0) scrub on igb1 all fragment reassemble
5 
  [ Evaluations: 152077    Packets: 3567      Bytes: 222712      States: 0     ]
6 
  [ Inserted: pid 6126 State Creations: 0     ]
7 
@2(0) scrub on lagg0 all fragment reassemble
8 
  [ Evaluations: 148510    Packets: 111872    Bytes: 12010819    States: 0     ]
9 
  [ Inserted: pid 6126 State Creations: 0     ]
10 
@3(0) scrub on ix0 all fragment reassemble
11 
  [ Evaluations: 36635     Packets: 0         Bytes: 0           States: 0     ]
12 
  [ Inserted: pid 6126 State Creations: 0     ]
13 
@4(0) scrub on lagg0.90 all fragment reassemble
14 
  [ Evaluations: 36635     Packets: 191       Bytes: 0           States: 0     ]
15 
  [ Inserted: pid 6126 State Creations: 0     ]
16 
@0(0) anchor "relayd/*" all
17 
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
18 
  [ Inserted: pid 6126 State Creations: 0     ]
19 
@1(0) anchor "openvpn/*" all
20 
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
21 
  [ Inserted: pid 6126 State Creations: 0     ]
22 
@2(0) anchor "ipsec/*" all
23 
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
24 
  [ Inserted: pid 6126 State Creations: 0     ]
25 
@3(1000000001) pass in quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
26 
  [ Evaluations: 1406069   Packets: 0         Bytes: 0           States: 0     ]
27 
  [ Inserted: pid 6126 State Creations: 0     ]
28 
@4(1000000002) pass out quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
29 
  [ Evaluations: 53167     Packets: 0         Bytes: 0           States: 0     ]
30 
  [ Inserted: pid 6126 State Creations: 0     ]
31 
@5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
32 
  [ Evaluations: 1299735   Packets: 381686    Bytes: 40090346    States: 0     ]
33 
  [ Inserted: pid 6126 State Creations: 0     ]
34 
@6(1000000004) block drop out log quick inet6 all label "Block all IPv6"
35 
  [ Evaluations: 378369    Packets: 0         Bytes: 0           States: 0     ]
36 
  [ Inserted: pid 6126 State Creations: 0     ]
37 
@7(1000000101) block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
38 
  [ Evaluations: 1024384   Packets: 57        Bytes: 11050       States: 0     ]
39 
  [ Inserted: pid 6126 State Creations: 0     ]
40 
@8(1000000102) block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
41 
  [ Evaluations: 592790    Packets: 18        Bytes: 9707        States: 0     ]
42 
  [ Inserted: pid 6126 State Creations: 0     ]
43 
@9(1000000103) block drop in log inet all label "Default deny rule IPv4"
44 
  [ Evaluations: 592772    Packets: 102834    Bytes: 7959344     States: 0     ]
45 
  [ Inserted: pid 6126 State Creations: 0     ]
46 
@10(1000000104) block drop out log inet all label "Default deny rule IPv4"
47 
  [ Evaluations: 1024308   Packets: 3709      Bytes: 319448      States: 0     ]
48 
  [ Inserted: pid 6126 State Creations: 0     ]
49 
@11(1000000105) block drop in log inet6 all label "Default deny rule IPv6"
50 
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
51 
  [ Inserted: pid 6126 State Creations: 0     ]
52 
@12(1000000106) block drop out log inet6 all label "Default deny rule IPv6"
53 
  [ Evaluations: 431537    Packets: 0         Bytes: 0           States: 0     ]
54 
  [ Inserted: pid 6126 State Creations: 0     ]
55 
@13(1000000107) block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
56 
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
57 
  [ Inserted: pid 6126 State Creations: 0     ]
58 
@14(1000000107) block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
59 
  [ Evaluations: 1023948   Packets: 0         Bytes: 0           States: 0     ]
60 
  [ Inserted: pid 6126 State Creations: 0     ]
61 
@15(1000000108) block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
62 
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
63 
  [ Inserted: pid 6126 State Creations: 0     ]
64 
@16(1000000108) block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
65 
  [ Evaluations: 1023948   Packets: 0         Bytes: 0           States: 0     ]
66 
  [ Inserted: pid 6126 State Creations: 0     ]
67 
@17(1000000109) block drop log quick from <snort2c:0> to any label "Block snort2c hosts"
68 
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
69 
  [ Inserted: pid 6126 State Creations: 0     ]
70 
@18(1000000110) block drop log quick from any to <snort2c:0> label "Block snort2c hosts"
71 
  [ Evaluations: 1024306   Packets: 0         Bytes: 0           States: 0     ]
72 
  [ Inserted: pid 6126 State Creations: 0     ]
73 
@19(1000000201) block drop in log quick proto carp from (self:13) to any
74 
  [ Evaluations: 677150    Packets: 0         Bytes: 0           States: 0     ]
75 
  [ Inserted: pid 6126 State Creations: 0     ]
76 
@20(1000000202) pass quick proto carp all no state
77 
  [ Evaluations: 288356    Packets: 0         Bytes: 0           States: 0     ]
78 
  [ Inserted: pid 6126 State Creations: 0     ]
79 
@21(1000000301) block drop in log quick proto tcp from <sshguard:0> to (self:13) port = ssh label "sshguard"
80 
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
81 
  [ Inserted: pid 6126 State Creations: 0     ]
82 
@22(1000000351) block drop in log quick proto tcp from <sshguard:0> to (self:13) port = https label "GUI Lockout"
83 
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
84 
  [ Inserted: pid 6126 State Creations: 0     ]
85 
@23(1000000400) block drop in log quick from <virusprot:0> to any label "virusprot overload table"
86 
  [ Evaluations: 592948    Packets: 0         Bytes: 0           States: 0     ]
87 
  [ Inserted: pid 6126 State Creations: 0     ]
88 
@24(1000000561) pass in quick on igb0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out SPECTRUM"
89 
  [ Evaluations: 592767    Packets: 418       Bytes: 139419      States: 0     ]
90 
  [ Inserted: pid 6126 State Creations: 0     ]
91 
@25(1000000562) pass out quick on igb0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out SPECTRUM"
92 
  [ Evaluations: 433808    Packets: 38        Bytes: 12749       States: 0     ]
93 
  [ Inserted: pid 6126 State Creations: 0     ]
94 
@26(11000) block drop in log quick on igb0 from <bogons:486> to any label "block bogon IPv4 networks from SPECTRUM"
95 
  [ Evaluations: 256297    Packets: 0         Bytes: 0           States: 0     ]
96 
  [ Inserted: pid 6126 State Creations: 0     ]
97 
@27(1000001570) block drop in log on ! igb0 inet from 47.SPC.RNG.0/21 to any
98 
  [ Evaluations: 798702    Packets: 0         Bytes: 0           States: 0     ]
99 
  [ Inserted: pid 6126 State Creations: 0     ]
100 
@28(1000001570) block drop in log inet from 47.SPC.MY.IP to any
101 
  [ Evaluations: 798547    Packets: 0         Bytes: 0           States: 0     ]
102 
  [ Inserted: pid 6126 State Creations: 0     ]
103 
@29(1000001570) block drop in log on igb0 inet6 from fe80::290:bff:fe7c:8ca to any
104 
  [ Evaluations: 798547    Packets: 0         Bytes: 0           States: 0     ]
105 
  [ Inserted: pid 6126 State Creations: 0     ]
106 
@30(12000) block drop in log quick on igb0 inet from 10.0.0.0/8 to any label "Block private networks from SPECTRUM block 10/8"
107 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
108 
  [ Inserted: pid 6126 State Creations: 0     ]
109 
@31(12000) block drop in log quick on igb0 inet from 127.0.0.0/8 to any label "Block private networks from SPECTRUM block 127/8"
110 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
111 
  [ Inserted: pid 6126 State Creations: 0     ]
112 
@32(12000) block drop in log quick on igb0 inet from 172.16.0.0/12 to any label "Block private networks from SPECTRUM block 172.16/12"
113 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
114 
  [ Inserted: pid 6126 State Creations: 0     ]
115 
@33(12000) block drop in log quick on igb0 inet from 192.168.0.0/16 to any label "Block private networks from SPECTRUM block 192.168/16"
116 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
117 
  [ Inserted: pid 6126 State Creations: 0     ]
118 
@34(12000) block drop in log quick on igb0 inet6 from fc00::/7 to any label "Block ULA networks from SPECTRUM block fc00::/7"
119 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
120 
  [ Inserted: pid 6126 State Creations: 0     ]
121 
@35(11000) block drop in log quick on igb1 from <bogons:486> to any label "block bogon IPv4 networks from DSL_XTREME"
122 
  [ Evaluations: 256447    Packets: 0         Bytes: 0           States: 0     ]
123 
  [ Inserted: pid 6126 State Creations: 0     ]
124 
@36(1000002620) block drop in log on ! igb1 inet from 99.DSX.RNG.0/24 to any
125 
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
126 
  [ Inserted: pid 6126 State Creations: 0     ]
127 
@37(1000002620) block drop in log inet from 99.DSX.MY.IP to any
128 
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
129 
  [ Inserted: pid 6126 State Creations: 0     ]
130 
@38(1000002620) block drop in log on igb1 inet6 from fe80::290:bff:fe7c:8cb to any
131 
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
132 
  [ Inserted: pid 6126 State Creations: 0     ]
133 
@39(12000) block drop in log quick on igb1 inet from 10.0.0.0/8 to any label "Block private networks from DSL_XTREME block 10/8"
134 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
135 
  [ Inserted: pid 6126 State Creations: 0     ]
136 
@40(12000) block drop in log quick on igb1 inet from 127.0.0.0/8 to any label "Block private networks from DSL_XTREME block 127/8"
137 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
138 
  [ Inserted: pid 6126 State Creations: 0     ]
139 
@41(12000) block drop in log quick on igb1 inet from 172.16.0.0/12 to any label "Block private networks from DSL_XTREME block 172.16/12"
140 
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
141 
  [ Inserted: pid 6126 State Creations: 0     ]
142 
@42(12000) block drop in log quick on igb1 inet from 192.168.0.0/16 to any label "Block private networks from DSL_XTREME block 192.168/16"
143 
  [ Evaluations: 30688     Packets: 1         Bytes: 36          States: 0     ]
144 
  [ Inserted: pid 6126 State Creations: 0     ]
145 
@43(12000) block drop in log quick on igb1 inet6 from fc00::/7 to any label "Block ULA networks from DSL_XTREME block fc00::/7"
146 
  [ Evaluations: 30687     Packets: 0         Bytes: 0           States: 0     ]
147 
  [ Inserted: pid 6126 State Creations: 0     ]
148 
@44(1000003670) block drop in log on ! lagg0 inet from 192.168.0.0/24 to any
149 
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
150 
  [ Inserted: pid 6126 State Creations: 0     ]
151 
@45(1000003670) block drop in log on ! lagg0 inet from 10.10.10.1 to any
152 
  [ Evaluations: 590088    Packets: 10        Bytes: 1870        States: 0     ]
153 
  [ Inserted: pid 6126 State Creations: 0     ]
154 
@46(1000003670) block drop in log inet from 192.168.0.1 to any
155 
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
156 
  [ Inserted: pid 6126 State Creations: 0     ]
157 
@47(1000003670) block drop in log inet from 10.10.10.1 to any
158 
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
159 
  [ Inserted: pid 6126 State Creations: 0     ]
160 
@48(1000003670) block drop in log on lagg0 inet6 from fe80::290:bff:fe7c:8ce to any
161 
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
162 
  [ Inserted: pid 6126 State Creations: 0     ]
163 
@49(1000003691) pass in quick on lagg0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
164 
  [ Evaluations: 466084    Packets: 1899      Bytes: 676638      States: 0     ]
165 
  [ Inserted: pid 6126 State Creations: 0     ]
166 
@50(1000003692) pass in quick on lagg0 inet proto udp from any port = bootpc to 192.168.0.1 port = bootps keep state label "allow access to DHCP server"
167 
  [ Evaluations: 1452      Packets: 2945      Bytes: 1026982     States: 1     ]
168 
  [ Inserted: pid 6126 State Creations: 6     ]
169 
@51(1000003693) pass out quick on lagg0 inet proto udp from 192.168.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
170 
  [ Evaluations: 674387    Packets: 361       Bytes: 117954      States: 0     ]
171 
  [ Inserted: pid 6126 State Creations: 0     ]
172 
@52(1000004720) block drop in log on ! ix0 inet from 192.168.2.0/24 to any
173 
  [ Evaluations: 1019588   Packets: 0         Bytes: 0           States: 0     ]
174 
  [ Inserted: pid 6126 State Creations: 0     ]
175 
@53(1000004720) block drop in log inet from 192.168.2.1 to any
176 
  [ Evaluations: 1019227   Packets: 0         Bytes: 0           States: 0     ]
177 
  [ Inserted: pid 6126 State Creations: 0     ]
178 
@54(1000004720) block drop in log on ix0 inet6 from fe80::290:bff:fe7c:8cc to any
179 
  [ Evaluations: 1019227   Packets: 0         Bytes: 0           States: 0     ]
180 
  [ Inserted: pid 6126 State Creations: 0     ]
181 
@55(1000005770) block drop in log on ! lagg0.90 inet from 192.168.90.0/24 to any
182 
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
183 
  [ Inserted: pid 6126 State Creations: 0     ]
184 
@56(1000005770) block drop in log inet from 192.168.90.1 to any
185 
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
186 
  [ Inserted: pid 6126 State Creations: 0     ]
187 
@57(1000005770) block drop in log on lagg0.90 inet6 from fe80::290:bff:fe7c:8ce to any
188 
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
189 
  [ Inserted: pid 6126 State Creations: 0     ]
190 
@58(1000005791) pass in quick on lagg0.90 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
191 
  [ Evaluations: 12553     Packets: 17        Bytes: 5876        States: 0     ]
192 
  [ Inserted: pid 6126 State Creations: 0     ]
193 
@59(1000005792) pass in quick on lagg0.90 inet proto udp from any port = bootpc to 192.168.90.1 port = bootps keep state label "allow access to DHCP server"
194 
  [ Evaluations: 14        Packets: 28        Bytes: 9400        States: 0     ]
195 
  [ Inserted: pid 6126 State Creations: 0     ]
196 
@60(1000005793) pass out quick on lagg0.90 inet proto udp from 192.168.90.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
197 
  [ Evaluations: 440576    Packets: 15        Bytes: 4920        States: 0     ]
198 
  [ Inserted: pid 6126 State Creations: 0     ]
199 
@61(1000007911) pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
200 
  [ Evaluations: 1019548   Packets: 15920977  Bytes: 1648600763  States: 19    ]
201 
  [ Inserted: pid 6126 State Creations: 29    ]
202 
@62(1000007912) pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
203 
  [ Evaluations: 106334    Packets: 0         Bytes: 0           States: 0     ]
204 
  [ Inserted: pid 6126 State Creations: 0     ]
205 
@63(1000007913) pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
206 
  [ Evaluations: 966380    Packets: 15937396  Bytes: 1654187647  States: 18    ]
207 
  [ Inserted: pid 6126 State Creations: 29    ]
208 
@64(1000008011) pass out route-to (igb0 47.SPC.MY.GW) inet from 47.SPC.MY.IP to ! 47.SPC.RNG.0/21 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
209 
  [ Evaluations: 431177    Packets: 54145211  Bytes: 52642921601  States: 99    ]
210 
  [ Inserted: pid 6126 State Creations: 206   ]
211 
@65(1000008012) pass out route-to (igb1 99.DSX.MY.GW) inet from 99.DSX.MY.IP to ! 99.DSX.RNG.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
212 
  [ Evaluations: 431177    Packets: 6376565   Bytes: 5086719838  States: 44    ]
213 
  [ Inserted: pid 6126 State Creations: 121   ]
214 
@66(10000) pass in quick on lagg0 proto tcp from any to (lagg0:3) port = https flags S/SA keep state label "anti-lockout rule"
215 
  [ Evaluations: 1020046   Packets: 459182    Bytes: 130724727   States: 0     ]
216 
  [ Inserted: pid 6126 State Creations: 0     ]
217 
@67(10000) pass in quick on lagg0 proto tcp from any to (lagg0:3) port = http flags S/SA keep state label "anti-lockout rule"
218 
  [ Evaluations: 1019316   Packets: 459182    Bytes: 130724727   States: 0     ]
219 
  [ Inserted: pid 6126 State Creations: 0     ]
220 
@68(0) anchor "userrules/*" all
221 
  [ Evaluations: 730       Packets: 0         Bytes: 0           States: 0     ]
222 
  [ Inserted: pid 6126 State Creations: 0     ]
223 
@69(1770001239) pass quick on lagg0 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
224 
  [ Evaluations: 673741    Packets: 0         Bytes: 0           States: 0     ]
225 
  [ Inserted: pid 6126 State Creations: 0     ]
226 
@70(1770001239) pass quick on ix0 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
227 
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
228 
  [ Inserted: pid 6126 State Creations: 0     ]
229 
@71(1770001239) pass quick on lagg0.90 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
230 
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
231 
  [ Inserted: pid 6126 State Creations: 0     ]
232 
@72(1770001466) pass quick on lagg0 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
233 
  [ Evaluations: 664377    Packets: 0         Bytes: 0           States: 0     ]
234 
  [ Inserted: pid 6126 State Creations: 0     ]
235 
@73(1770001466) pass quick on lagg0 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
236 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
237 
  [ Inserted: pid 6126 State Creations: 0     ]
238 
@74(1770001466) pass quick on lagg0 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
239 
  [ Evaluations: 663814    Packets: 0         Bytes: 0           States: 0     ]
240 
  [ Inserted: pid 6126 State Creations: 0     ]
241 
@75(1770001466) pass quick on lagg0 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
242 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
243 
  [ Inserted: pid 6126 State Creations: 0     ]
244 
@76(1770001466) pass quick on ix0 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
245 
  [ Evaluations: 664085    Packets: 0         Bytes: 0           States: 0     ]
246 
  [ Inserted: pid 6126 State Creations: 0     ]
247 
@77(1770001466) pass quick on ix0 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
248 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
249 
  [ Inserted: pid 6126 State Creations: 0     ]
250 
@78(1770001466) pass quick on ix0 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
251 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
252 
  [ Inserted: pid 6126 State Creations: 0     ]
253 
@79(1770001466) pass quick on ix0 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
254 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
255 
  [ Inserted: pid 6126 State Creations: 0     ]
256 
@80(1770001466) pass quick on lagg0.90 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
257 
  [ Evaluations: 664085    Packets: 0         Bytes: 0           States: 0     ]
258 
  [ Inserted: pid 6126 State Creations: 0     ]
259 
@81(1770001466) pass quick on lagg0.90 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
260 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
261 
  [ Inserted: pid 6126 State Creations: 0     ]
262 
@82(1770001466) pass quick on lagg0.90 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
263 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
264 
  [ Inserted: pid 6126 State Creations: 0     ]
265 
@83(1770001466) pass quick on lagg0.90 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
266 
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
267 
  [ Inserted: pid 6126 State Creations: 0     ]
268 
@84(1770005154) block return log quick on lagg0 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
269 
  [ Evaluations: 673741    Packets: 0         Bytes: 0           States: 0     ]
270 
  [ Inserted: pid 6126 State Creations: 0     ]
271 
@85(1770005154) block return log quick on ix0 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
272 
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
273 
  [ Inserted: pid 6126 State Creations: 0     ]
274 
@86(1770005154) block return log quick on lagg0.90 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
275 
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
276 
  [ Inserted: pid 6126 State Creations: 0     ]
277 
@87(1586704425) pass in quick on LOCAL_NETS route-to (igb0 47.SPC.MY.GW) inet proto tcp from any to 192.168.100.1 flags S/SA keep state label "USER_RULE: Spectrum Modem Interface Connection"
278 
  [ Evaluations: 672241    Packets: 4145      Bytes: 2608574     States: 0     ]
279 
  [ Inserted: pid 6126 State Creations: 0     ]
280 
@88(1586704425) pass in quick on LOCAL_NETS route-to (igb0 47.SPC.MY.GW) inet proto udp from any to 192.168.100.1 keep state label "USER_RULE: Spectrum Modem Interface Connection"
281 
  [ Evaluations: 671678    Packets: 4145      Bytes: 2608574     States: 0     ]
282 
  [ Inserted: pid 6126 State Creations: 0     ]
283 
@89(1586704583) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet proto tcp from any to 192.168.1.254 flags S/SA keep state label "USER_RULE: DSL-X Modem Interface Connection"
284 
  [ Evaluations: 299481    Packets: 660       Bytes: 216563      States: 0     ]
285 
  [ Inserted: pid 6126 State Creations: 0     ]
286 
@90(1586704583) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet proto udp from any to 192.168.1.254 keep state label "USER_RULE: DSL-X Modem Interface Connection"
287 
  [ Evaluations: 299347    Packets: 660       Bytes: 216563      States: 0     ]
288 
  [ Inserted: pid 6126 State Creations: 0     ]
289 
@91(1586726603) pass in quick on LOCAL_NETS inet proto tcp from <_LOCAL_NETS:2> to (self:7) port = https flags S/SA keep state label "USER_RULE: Management Interface"
290 
  [ Evaluations: 107882    Packets: 0         Bytes: 0           States: 0     ]
291 
  [ Inserted: pid 6126 State Creations: 0     ]
292 
@92(1586726603) pass in quick on LOCAL_NETS inet proto tcp from <_LOCAL_NETS:2> to (self:7) port = http flags S/SA keep state label "USER_RULE: Management Interface"
293 
  [ Evaluations: 107581    Packets: 0         Bytes: 0           States: 0     ]
294 
  [ Inserted: pid 6126 State Creations: 0     ]
295 
@93(1586726603) pass in quick on LOCAL_NETS inet proto udp from <_LOCAL_NETS:2> to (self:7) port = https keep state label "USER_RULE: Management Interface"
296 
  [ Evaluations: 107748    Packets: 0         Bytes: 0           States: 0     ]
297 
  [ Inserted: pid 6126 State Creations: 0     ]
298 
@94(1586726603) pass in quick on LOCAL_NETS inet proto udp from <_LOCAL_NETS:2> to (self:7) port = http keep state label "USER_RULE: Management Interface"
299 
  [ Evaluations: 107628    Packets: 0         Bytes: 0           States: 0     ]
300 
  [ Inserted: pid 6126 State Creations: 0     ]
301 
@95(10000001) pass in quick on LOCAL_NETS inet from <_WEB_ACCS:17> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
302 
  [ Evaluations: 299189    Packets: 0         Bytes: 0           States: 0     ]
303 
  [ Inserted: pid 6126 State Creations: 0     ]
304 
@96(1586747664) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_WEB_ACCS:17> to any flags S/SA keep state label "USER_RULE: Schedule bypass - Enable for Special Occasions"
305 
  [ Evaluations: 1604      Packets: 232792    Bytes: 216670917   States: 86    ]
306 
  [ Inserted: pid 6126 State Creations: 177   ]
307 
@97(10000002) pass in quick on LOCAL_NETS inet from <_ACCS_XCPTN:2> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
308 
  [ Evaluations: 249307    Packets: 0         Bytes: 0           States: 0     ]
309 
  [ Inserted: pid 6126 State Creations: 0     ]
310 
@98(1586710355) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_ACCS_XCPTN:2> to any flags S/SA keep state label "USER_RULE: Access Exception Devices"
311 
  [ Evaluations: 14702     Packets: 1776909   Bytes: 1439570696  States: 0     ]
312 
  [ Inserted: pid 6126 State Creations: 0     ]
313 
@99(1586552588) block drop in quick on LOCAL_NETS inet from <_WEB_ACCS:17> to any label "USER_RULE"
314 
  [ Evaluations: 44477     Packets: 36257     Bytes: 3389087     States: 0     ]
315 
  [ Inserted: pid 6126 State Creations: 0     ]
316 
@100(10000003) pass in quick on LOCAL_NETS inet from <_PREF_SPECTRUM:10> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
317 
  [ Evaluations: 152260    Packets: 0         Bytes: 0           States: 0     ]
318 
  [ Inserted: pid 6126 State Creations: 0     ]
319 
@101(1586553819) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_PREF_SPECTRUM:10> to any flags S/SA keep state label "USER_RULE: Spectrum Preferred LOCAL_NETS to any rule"
320 
  [ Evaluations: 38928     Packets: 1090692   Bytes: 894180851   States: 10    ]
321 
  [ Inserted: pid 6126 State Creations: 19    ]
322 
@102(10000004) pass in quick on LOCAL_NETS inet from <_PREF_DSL_X:22> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
323 
  [ Evaluations: 111029    Packets: 0         Bytes: 0           States: 0     ]
324 
  [ Inserted: pid 6126 State Creations: 0     ]
325 
@103(1586553907) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet from <_PREF_DSL_X:22> to any flags S/SA keep state label "USER_RULE: DSL-X Preferred LOCAL_NETS to any rule"
326 
  [ Evaluations: 104798    Packets: 4638234   Bytes: 3690934060  States: 46    ]
327 
  [ Inserted: pid 6126 State Creations: 88    ]
328 
@104(10000005) pass in quick on LOCAL_NETS inet from <_BAL_SPCTRM_DSL_X:8> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
329 
  [ Evaluations: 129       Packets: 0         Bytes: 0           States: 0     ]
330 
  [ Inserted: pid 6126 State Creations: 0     ]
331 
@105(1586553946) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb1 99.DSX.MY.GW) } round-robin sticky-address inet from <_BAL_SPCTRM_DSL_X:8> to any flags S/SA keep state label "USER_RULE: Balance Spectrum / DSL-X - LOCAL_NETS to any rule"
332 
  [ Evaluations: 7553      Packets: 11375     Bytes: 1792932     States: 1     ]
333 
  [ Inserted: pid 6126 State Creations: 5     ]
334 
@106(1586743170) pass in quick on lagg0 inet proto tcp from any to 127.0.0.1 port = 8443 flags S/SA keep state label "USER_RULE: NAT pfB DNSBL - DO NOT EDIT"
335 
  [ Evaluations: 242183    Packets: 0         Bytes: 0           States: 0     ]
336 
  [ Inserted: pid 6126 State Creations: 0     ]
337 
@107(0) anchor "tftp-proxy/*" all
338 
  [ Evaluations: 441       Packets: 0         Bytes: 0           States: 0     ]
339 
  [ Inserted: pid 6126 State Creations: 0     ]
(3-3/4)