Bug #9615 » FW-Rules-Redacted.txt

Firewall rules (verbose) - Benjamin Lee, 04/24/2020 01:03 PM

 
@0(0) scrub on igb0 all fragment reassemble
  [ Evaluations: 258109    Packets: 106022    Bytes: 11452982    States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@1(0) scrub on igb1 all fragment reassemble
  [ Evaluations: 152077    Packets: 3567      Bytes: 222712      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@2(0) scrub on lagg0 all fragment reassemble
  [ Evaluations: 148510    Packets: 111872    Bytes: 12010819    States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@3(0) scrub on ix0 all fragment reassemble
  [ Evaluations: 36635     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@4(0) scrub on lagg0.90 all fragment reassemble
  [ Evaluations: 36635     Packets: 191       Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@0(0) anchor "relayd/*" all
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@1(0) anchor "openvpn/*" all
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@2(0) anchor "ipsec/*" all
  [ Evaluations: 1002      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@3(1000000001) pass in quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  [ Evaluations: 1406069   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@4(1000000002) pass out quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  [ Evaluations: 53167     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@5(1000000003) block drop in log quick inet6 all label "Block all IPv6"
  [ Evaluations: 1299735   Packets: 381686    Bytes: 40090346    States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@6(1000000004) block drop out log quick inet6 all label "Block all IPv6"
  [ Evaluations: 378369    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@7(1000000101) block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
  [ Evaluations: 1024384   Packets: 57        Bytes: 11050       States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@8(1000000102) block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
  [ Evaluations: 592790    Packets: 18        Bytes: 9707        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@9(1000000103) block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 592772    Packets: 102834    Bytes: 7959344     States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@10(1000000104) block drop out log inet all label "Default deny rule IPv4"
  [ Evaluations: 1024308   Packets: 3709      Bytes: 319448      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@11(1000000105) block drop in log inet6 all label "Default deny rule IPv6"
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@12(1000000106) block drop out log inet6 all label "Default deny rule IPv6"
  [ Evaluations: 431537    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@13(1000000107) block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@14(1000000107) block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 1023948   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@15(1000000108) block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@16(1000000108) block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 1023948   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@17(1000000109) block drop log quick from <snort2c:0> to any label "Block snort2c hosts"
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@18(1000000110) block drop log quick from any to <snort2c:0> label "Block snort2c hosts"
  [ Evaluations: 1024306   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@19(1000000201) block drop in log quick proto carp from (self:13) to any
  [ Evaluations: 677150    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@20(1000000202) pass quick proto carp all no state
  [ Evaluations: 288356    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@21(1000000301) block drop in log quick proto tcp from <sshguard:0> to (self:13) port = ssh label "sshguard"
  [ Evaluations: 1024309   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@22(1000000351) block drop in log quick proto tcp from <sshguard:0> to (self:13) port = https label "GUI Lockout"
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@23(1000000400) block drop in log quick from <virusprot:0> to any label "virusprot overload table"
  [ Evaluations: 592948    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@24(1000000561) pass in quick on igb0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out SPECTRUM"
  [ Evaluations: 592767    Packets: 418       Bytes: 139419      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@25(1000000562) pass out quick on igb0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out SPECTRUM"
  [ Evaluations: 433808    Packets: 38        Bytes: 12749       States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@26(11000) block drop in log quick on igb0 from <bogons:486> to any label "block bogon IPv4 networks from SPECTRUM"
  [ Evaluations: 256297    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@27(1000001570) block drop in log on ! igb0 inet from 47.SPC.RNG.0/21 to any
  [ Evaluations: 798702    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@28(1000001570) block drop in log inet from 47.SPC.MY.IP to any
  [ Evaluations: 798547    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@29(1000001570) block drop in log on igb0 inet6 from fe80::290:bff:fe7c:8ca to any
  [ Evaluations: 798547    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@30(12000) block drop in log quick on igb0 inet from 10.0.0.0/8 to any label "Block private networks from SPECTRUM block 10/8"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@31(12000) block drop in log quick on igb0 inet from 127.0.0.0/8 to any label "Block private networks from SPECTRUM block 127/8"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@32(12000) block drop in log quick on igb0 inet from 172.16.0.0/12 to any label "Block private networks from SPECTRUM block 172.16/12"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@33(12000) block drop in log quick on igb0 inet from 192.168.0.0/16 to any label "Block private networks from SPECTRUM block 192.168/16"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@34(12000) block drop in log quick on igb0 inet6 from fc00::/7 to any label "Block ULA networks from SPECTRUM block fc00::/7"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@35(11000) block drop in log quick on igb1 from <bogons:486> to any label "block bogon IPv4 networks from DSL_XTREME"
  [ Evaluations: 256447    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@36(1000002620) block drop in log on ! igb1 inet from 99.DSX.RNG.0/24 to any
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@37(1000002620) block drop in log inet from 99.DSX.MY.IP to any
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@38(1000002620) block drop in log on igb1 inet6 from fe80::290:bff:fe7c:8cb to any
  [ Evaluations: 592531    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@39(12000) block drop in log quick on igb1 inet from 10.0.0.0/8 to any label "Block private networks from DSL_XTREME block 10/8"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@40(12000) block drop in log quick on igb1 inet from 127.0.0.0/8 to any label "Block private networks from DSL_XTREME block 127/8"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@41(12000) block drop in log quick on igb1 inet from 172.16.0.0/12 to any label "Block private networks from DSL_XTREME block 172.16/12"
  [ Evaluations: 30688     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@42(12000) block drop in log quick on igb1 inet from 192.168.0.0/16 to any label "Block private networks from DSL_XTREME block 192.168/16"
  [ Evaluations: 30688     Packets: 1         Bytes: 36          States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@43(12000) block drop in log quick on igb1 inet6 from fc00::/7 to any label "Block ULA networks from DSL_XTREME block fc00::/7"
  [ Evaluations: 30687     Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@44(1000003670) block drop in log on ! lagg0 inet from 192.168.0.0/24 to any
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@45(1000003670) block drop in log on ! lagg0 inet from 10.10.10.1 to any
  [ Evaluations: 590088    Packets: 10        Bytes: 1870        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@46(1000003670) block drop in log inet from 192.168.0.1 to any
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@47(1000003670) block drop in log inet from 10.10.10.1 to any
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@48(1000003670) block drop in log on lagg0 inet6 from fe80::290:bff:fe7c:8ce to any
  [ Evaluations: 590395    Packets: 10        Bytes: 1870        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@49(1000003691) pass in quick on lagg0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 466084    Packets: 1899      Bytes: 676638      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@50(1000003692) pass in quick on lagg0 inet proto udp from any port = bootpc to 192.168.0.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 1452      Packets: 2945      Bytes: 1026982     States: 1     ]
  [ Inserted: pid 6126 State Creations: 6     ]
@51(1000003693) pass out quick on lagg0 inet proto udp from 192.168.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 674387    Packets: 361       Bytes: 117954      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@52(1000004720) block drop in log on ! ix0 inet from 192.168.2.0/24 to any
  [ Evaluations: 1019588   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@53(1000004720) block drop in log inet from 192.168.2.1 to any
  [ Evaluations: 1019227   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@54(1000004720) block drop in log on ix0 inet6 from fe80::290:bff:fe7c:8cc to any
  [ Evaluations: 1019227   Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@55(1000005770) block drop in log on ! lagg0.90 inet from 192.168.90.0/24 to any
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@56(1000005770) block drop in log inet from 192.168.90.1 to any
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@57(1000005770) block drop in log on lagg0.90 inet6 from fe80::290:bff:fe7c:8ce to any
  [ Evaluations: 588400    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@58(1000005791) pass in quick on lagg0.90 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 12553     Packets: 17        Bytes: 5876        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@59(1000005792) pass in quick on lagg0.90 inet proto udp from any port = bootpc to 192.168.90.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 14        Packets: 28        Bytes: 9400        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@60(1000005793) pass out quick on lagg0.90 inet proto udp from 192.168.90.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 440576    Packets: 15        Bytes: 4920        States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@61(1000007911) pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  [ Evaluations: 1019548   Packets: 15920977  Bytes: 1648600763  States: 19    ]
  [ Inserted: pid 6126 State Creations: 29    ]
@62(1000007912) pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  [ Evaluations: 106334    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@63(1000007913) pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
  [ Evaluations: 966380    Packets: 15937396  Bytes: 1654187647  States: 18    ]
  [ Inserted: pid 6126 State Creations: 29    ]
@64(1000008011) pass out route-to (igb0 47.SPC.MY.GW) inet from 47.SPC.MY.IP to ! 47.SPC.RNG.0/21 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
  [ Evaluations: 431177    Packets: 54145211  Bytes: 52642921601  States: 99    ]
  [ Inserted: pid 6126 State Creations: 206   ]
@65(1000008012) pass out route-to (igb1 99.DSX.MY.GW) inet from 99.DSX.MY.IP to ! 99.DSX.RNG.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
  [ Evaluations: 431177    Packets: 6376565   Bytes: 5086719838  States: 44    ]
  [ Inserted: pid 6126 State Creations: 121   ]
@66(10000) pass in quick on lagg0 proto tcp from any to (lagg0:3) port = https flags S/SA keep state label "anti-lockout rule"
  [ Evaluations: 1020046   Packets: 459182    Bytes: 130724727   States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@67(10000) pass in quick on lagg0 proto tcp from any to (lagg0:3) port = http flags S/SA keep state label "anti-lockout rule"
  [ Evaluations: 1019316   Packets: 459182    Bytes: 130724727   States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@68(0) anchor "userrules/*" all
  [ Evaluations: 730       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@69(1770001239) pass quick on lagg0 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
  [ Evaluations: 673741    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@70(1770001239) pass quick on ix0 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@71(1770001239) pass quick on lagg0.90 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping"
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@72(1770001466) pass quick on lagg0 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 664377    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@73(1770001466) pass quick on lagg0 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@74(1770001466) pass quick on lagg0 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663814    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@75(1770001466) pass quick on lagg0 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@76(1770001466) pass quick on ix0 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 664085    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@77(1770001466) pass quick on ix0 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@78(1770001466) pass quick on ix0 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@79(1770001466) pass quick on ix0 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@80(1770001466) pass quick on lagg0.90 inet proto tcp from any to 10.10.10.1 port = 8081 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 664085    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@81(1770001466) pass quick on lagg0.90 inet proto tcp from any to 10.10.10.1 port = 8443 flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@82(1770001466) pass quick on lagg0.90 inet proto udp from any to 10.10.10.1 port = 8081 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@83(1770001466) pass quick on lagg0.90 inet proto udp from any to 10.10.10.1 port = 8443 keep state label "USER_RULE: pfB_DNSBL_Permit"
  [ Evaluations: 663655    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@84(1770005154) block return log quick on lagg0 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
  [ Evaluations: 673741    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@85(1770005154) block return log quick on ix0 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@86(1770005154) block return log quick on lagg0.90 inet from any to <pfB_PRI1_v4:19586> label "USER_RULE: pfB_PRI1_v4 auto rule"
  [ Evaluations: 673435    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@87(1586704425) pass in quick on LOCAL_NETS route-to (igb0 47.SPC.MY.GW) inet proto tcp from any to 192.168.100.1 flags S/SA keep state label "USER_RULE: Spectrum Modem Interface Connection"
  [ Evaluations: 672241    Packets: 4145      Bytes: 2608574     States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@88(1586704425) pass in quick on LOCAL_NETS route-to (igb0 47.SPC.MY.GW) inet proto udp from any to 192.168.100.1 keep state label "USER_RULE: Spectrum Modem Interface Connection"
  [ Evaluations: 671678    Packets: 4145      Bytes: 2608574     States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@89(1586704583) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet proto tcp from any to 192.168.1.254 flags S/SA keep state label "USER_RULE: DSL-X Modem Interface Connection"
  [ Evaluations: 299481    Packets: 660       Bytes: 216563      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@90(1586704583) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet proto udp from any to 192.168.1.254 keep state label "USER_RULE: DSL-X Modem Interface Connection"
  [ Evaluations: 299347    Packets: 660       Bytes: 216563      States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@91(1586726603) pass in quick on LOCAL_NETS inet proto tcp from <_LOCAL_NETS:2> to (self:7) port = https flags S/SA keep state label "USER_RULE: Management Interface"
  [ Evaluations: 107882    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@92(1586726603) pass in quick on LOCAL_NETS inet proto tcp from <_LOCAL_NETS:2> to (self:7) port = http flags S/SA keep state label "USER_RULE: Management Interface"
  [ Evaluations: 107581    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@93(1586726603) pass in quick on LOCAL_NETS inet proto udp from <_LOCAL_NETS:2> to (self:7) port = https keep state label "USER_RULE: Management Interface"
  [ Evaluations: 107748    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@94(1586726603) pass in quick on LOCAL_NETS inet proto udp from <_LOCAL_NETS:2> to (self:7) port = http keep state label "USER_RULE: Management Interface"
  [ Evaluations: 107628    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@95(10000001) pass in quick on LOCAL_NETS inet from <_WEB_ACCS:17> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
  [ Evaluations: 299189    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@96(1586747664) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_WEB_ACCS:17> to any flags S/SA keep state label "USER_RULE: Schedule bypass - Enable for Special Occasions"
  [ Evaluations: 1604      Packets: 232792    Bytes: 216670917   States: 86    ]
  [ Inserted: pid 6126 State Creations: 177   ]
@97(10000002) pass in quick on LOCAL_NETS inet from <_ACCS_XCPTN:2> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
  [ Evaluations: 249307    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@98(1586710355) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_ACCS_XCPTN:2> to any flags S/SA keep state label "USER_RULE: Access Exception Devices"
  [ Evaluations: 14702     Packets: 1776909   Bytes: 1439570696  States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@99(1586552588) block drop in quick on LOCAL_NETS inet from <_WEB_ACCS:17> to any label "USER_RULE"
  [ Evaluations: 44477     Packets: 36257     Bytes: 3389087     States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@100(10000003) pass in quick on LOCAL_NETS inet from <_PREF_SPECTRUM:10> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
  [ Evaluations: 152260    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@101(1586553819) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW) } round-robin inet from <_PREF_SPECTRUM:10> to any flags S/SA keep state label "USER_RULE: Spectrum Preferred LOCAL_NETS to any rule"
  [ Evaluations: 38928     Packets: 1090692   Bytes: 894180851   States: 10    ]
  [ Inserted: pid 6126 State Creations: 19    ]
@102(10000004) pass in quick on LOCAL_NETS inet from <_PREF_DSL_X:22> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
  [ Evaluations: 111029    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@103(1586553907) pass in quick on LOCAL_NETS route-to (igb1 99.DSX.MY.GW) inet from <_PREF_DSL_X:22> to any flags S/SA keep state label "USER_RULE: DSL-X Preferred LOCAL_NETS to any rule"
  [ Evaluations: 104798    Packets: 4638234   Bytes: 3690934060  States: 46    ]
  [ Inserted: pid 6126 State Creations: 88    ]
@104(10000005) pass in quick on LOCAL_NETS inet from <_BAL_SPCTRM_DSL_X:8> to <negate_networks:0> flags S/SA keep state label "NEGATE_ROUTE: Negate policy routing for destination"
  [ Evaluations: 129       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@105(1586553946) pass in quick on LOCAL_NETS route-to { (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb0 47.SPC.MY.GW), (igb1 99.DSX.MY.GW) } round-robin sticky-address inet from <_BAL_SPCTRM_DSL_X:8> to any flags S/SA keep state label "USER_RULE: Balance Spectrum / DSL-X - LOCAL_NETS to any rule"
  [ Evaluations: 7553      Packets: 11375     Bytes: 1792932     States: 1     ]
  [ Inserted: pid 6126 State Creations: 5     ]
@106(1586743170) pass in quick on lagg0 inet proto tcp from any to 127.0.0.1 port = 8443 flags S/SA keep state label "USER_RULE: NAT pfB DNSBL - DO NOT EDIT"
  [ Evaluations: 242183    Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]
@107(0) anchor "tftp-proxy/*" all
  [ Evaluations: 441       Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: pid 6126 State Creations: 0     ]