Bug #3666 » broken-pfctl-vvsr.txt

Chris Buechler, 06/11/2014 05:59 AM

 
1
@0(0) scrub on em0 all max-mss 960 fragment reassemble
2
  [ Evaluations: 2116      Packets: 1832      Bytes: 104244      States: 0     ]
3
  [ Inserted: pid 96025 State Creations: 18446735277671789312]
4
@1(0) scrub on em1 all fragment reassemble
5
  [ Evaluations: 284       Packets: 276       Bytes: 38577       States: 0     ]
6
  [ Inserted: pid 96025 State Creations: 18446735277671789336]
7
@0(0) anchor "relayd/*" all
8
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
9
  [ Inserted: pid 96025 State Creations: 18446735277671772888]
10
@1(0) anchor "openvpn/*" all
11
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
12
  [ Inserted: pid 96025 State Creations: 18446735277671772864]
13
@2(0) anchor "ipsec/*" all
14
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
15
  [ Inserted: pid 96025 State Creations: 18446735277671772840]
16
@3(0) block drop in log inet all label "Default deny rule IPv4"
17
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
18
  [ Inserted: pid 96025 State Creations: 18446735277671772816]
19
@4(0) block drop out log inet all label "Default deny rule IPv4"
20
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
21
  [ Inserted: pid 96025 State Creations: 18446735277671772792]
22
@5(0) block drop in log inet6 all label "Default deny rule IPv6"
23
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
24
  [ Inserted: pid 96025 State Creations: 18446735277671772768]
25
@6(0) block drop out log inet6 all label "Default deny rule IPv6"
26
  [ Evaluations: 11        Packets: 0         Bytes: 0           States: 0     ]
27
  [ Inserted: pid 96025 State Creations: 18446735277671772744]
28
@7(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
29
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
30
  [ Inserted: pid 96025 State Creations: 18446735277861557112]
31
@8(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
32
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
33
  [ Inserted: pid 96025 State Creations: 18446735277697729144]
34
@9(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
35
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
36
  [ Inserted: pid 96025 State Creations: 18446735277697729240]
37
@10(1000000101) pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
38
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
39
  [ Inserted: pid 96025 State Creations: 18446735277861557088]
40
@11(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
41
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
42
  [ Inserted: pid 96025 State Creations: 18446735277677593352]
43
@12(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
44
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
45
  [ Inserted: pid 96025 State Creations: 18446735277861556336]
46
@13(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
47
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
48
  [ Inserted: pid 96025 State Creations: 18446735277861556528]
49
@14(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
50
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
51
  [ Inserted: pid 96025 State Creations: 18446735277697913176]
52
@15(1000000102) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
53
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
54
  [ Inserted: pid 96025 State Creations: 18446735277697913200]
55
@16(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
56
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
57
  [ Inserted: pid 96025 State Creations: 18446735277697913224]
58
@17(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
59
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
60
  [ Inserted: pid 96025 State Creations: 18446735277697729000]
61
@18(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
62
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
63
  [ Inserted: pid 96025 State Creations: 18446735277697729024]
64
@19(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
65
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
66
  [ Inserted: pid 96025 State Creations: 18446735277697729048]
67
@20(1000000103) pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
68
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
69
  [ Inserted: pid 96025 State Creations: 18446735277697729072]
70
@21(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
71
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
72
  [ Inserted: pid 96025 State Creations: 18446735277697729120]
73
@22(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
74
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
75
  [ Inserted: pid 96025 State Creations: 18446735277697729168]
76
@23(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
77
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
78
  [ Inserted: pid 96025 State Creations: 18446735277697912920]
79
@24(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
80
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
81
  [ Inserted: pid 96025 State Creations: 18446735277697912896]
82
@25(1000000104) pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
83
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
84
  [ Inserted: pid 96025 State Creations: 18446735277697912872]
85
@26(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
86
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
87
  [ Inserted: pid 96025 State Creations: 18446735277697913160]
88
@27(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
89
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
90
  [ Inserted: pid 96025 State Creations: 18446735277697913136]
91
@28(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
92
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
93
  [ Inserted: pid 96025 State Creations: 18446735277697912848]
94
@29(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
95
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
96
  [ Inserted: pid 96025 State Creations: 18446735277697827832]
97
@30(1000000105) pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
98
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
99
  [ Inserted: pid 96025 State Creations: 18446735277697827808]
100
@31(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
101
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
102
  [ Inserted: pid 96025 State Creations: 18446735277697827784]
103
@32(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
104
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
105
  [ Inserted: pid 96025 State Creations: 18446735277697827760]
106
@33(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
107
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
108
  [ Inserted: pid 96025 State Creations: 18446735277697827736]
109
@34(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
110
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
111
  [ Inserted: pid 96025 State Creations: 18446735277697827712]
112
@35(1000000106) pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
113
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
114
  [ Inserted: pid 96025 State Creations: 18446735277697827688]
115
@36(1000000107) block drop log quick inet proto tcp from any port = 0 to any
116
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
117
  [ Inserted: pid 96025 State Creations: 18446735277697827664]
118
@37(1000000107) block drop log quick inet proto udp from any port = 0 to any
119
  [ Evaluations: 73        Packets: 0         Bytes: 0           States: 0     ]
120
  [ Inserted: pid 96025 State Creations: 18446735277697827640]
121
@38(1000000108) block drop log quick inet proto tcp from any to any port = 0
122
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
123
  [ Inserted: pid 96025 State Creations: 18446735277697827616]
124
@39(1000000108) block drop log quick inet proto udp from any to any port = 0
125
  [ Evaluations: 73        Packets: 0         Bytes: 0           States: 0     ]
126
  [ Inserted: pid 96025 State Creations: 18446735277697827592]
127
@40(1000000109) block drop log quick inet6 proto tcp from any port = 0 to any
128
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
129
  [ Inserted: pid 96025 State Creations: 18446735277697827568]
130
@41(1000000109) block drop log quick inet6 proto udp from any port = 0 to any
131
  [ Evaluations: 60        Packets: 0         Bytes: 0           States: 0     ]
132
  [ Inserted: pid 96025 State Creations: 18446735277697827544]
133
@42(1000000110) block drop log quick inet6 proto tcp from any to any port = 0
134
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
135
  [ Inserted: pid 96025 State Creations: 18446735277697827520]
136
@43(1000000110) block drop log quick inet6 proto udp from any to any port = 0
137
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
138
  [ Inserted: pid 96025 State Creations: 18446735277697827496]
139
@44(1000000111) block drop log quick from <snort2c:0> to any label "Block snort2c hosts"
140
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
141
  [ Inserted: pid 96025 State Creations: 18446735277697827472]
142
@45(1000000112) block drop log quick from any to <snort2c:0> label "Block snort2c hosts"
143
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
144
  [ Inserted: pid 96025 State Creations: 18446735277697827448]
145
@46(1000000301) block drop in log quick proto tcp from <sshlockout:0> to (self:8) port = ssh label "sshlockout"
146
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
147
  [ Inserted: pid 96025 State Creations: 18446735277697827424]
148
@47(1000000351) block drop in log quick proto tcp from <webConfiguratorlockout:0> to (self:8) port = https label "webConfiguratorlockout"
149
  [ Evaluations: 33        Packets: 0         Bytes: 0           States: 0     ]
150
  [ Inserted: pid 96025 State Creations: 18446735277697827400]
151
@48(1000000400) block drop in log quick from <virusprot:0> to any label "virusprot overload table"
152
  [ Evaluations: 45        Packets: 0         Bytes: 0           States: 0     ]
153
  [ Inserted: pid 96025 State Creations: 18446735277697827376]
154
@49(1000001561) pass in quick on em0 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
155
  [ Evaluations: 45        Packets: 0         Bytes: 0           States: 0     ]
156
  [ Inserted: pid 96025 State Creations: 18446735277697827352]
157
@50(1000001562) pass in quick on em0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
158
  [ Evaluations: 13        Packets: 0         Bytes: 0           States: 0     ]
159
  [ Inserted: pid 96025 State Creations: 18446735277697827328]
160
@51(1000001563) pass out quick on em0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN"
161
  [ Evaluations: 36        Packets: 0         Bytes: 0           States: 0     ]
162
  [ Inserted: pid 96025 State Creations: 18446735277697827304]
163
@52(1000001570) block drop in log on ! em0 inet from 192.0.2.0/24 to any
164
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
165
  [ Inserted: pid 96025 State Creations: 18446735277707866360]
166
@53(1000001570) block drop in log inet from 192.0.2.100 to any
167
  [ Evaluations: 77        Packets: 0         Bytes: 0           States: 0     ]
168
  [ Inserted: pid 96025 State Creations: 18446735277707866336]
169
@54(1000001570) block drop in log on em0 inet6 from fe80::a00:27ff:fe63:a7c8 to any
170
  [ Evaluations: 70        Packets: 0         Bytes: 0           States: 0     ]
171
  [ Inserted: pid 96025 State Creations: 18446735277697827280]
172
@55(1000001591) pass in on em0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
173
  [ Evaluations: 13        Packets: 0         Bytes: 0           States: 0     ]
174
  [ Inserted: pid 96025 State Creations: 18446735277697827256]
175
@56(1000001592) pass out on em0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN"
176
  [ Evaluations: 36        Packets: 0         Bytes: 0           States: 0     ]
177
  [ Inserted: pid 96025 State Creations: 18446735277707866480]
178
@57(1000002620) block drop in log on em1 inet6 from fe80::a00:27ff:fe23:abd3 to any
179
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
180
  [ Inserted: pid 96025 State Creations: 18446735277707866456]
181
@58(1000002620) block drop in log on em1 inet6 from fe80::1:1 to any
182
  [ Evaluations: 60        Packets: 0         Bytes: 0           States: 0     ]
183
  [ Inserted: pid 96025 State Creations: 18446735277707866432]
184
@59(1000002620) block drop in log on ! em1 inet from 192.168.31.0/24 to any
185
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
186
  [ Inserted: pid 96025 State Creations: 18446735277707866408]
187
@60(1000002620) block drop in log inet from 192.168.31.1 to any
188
  [ Evaluations: 70        Packets: 0         Bytes: 0           States: 0     ]
189
  [ Inserted: pid 96025 State Creations: 18446735277707866384]
190
@61(1000002641) pass in quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
191
  [ Evaluations: 45        Packets: 0         Bytes: 0           States: 0     ]
192
  [ Inserted: pid 96025 State Creations: 18446735277707866312]
193
@62(1000002642) pass in quick on em1 inet proto udp from any port = bootpc to 192.168.31.1 port = bootps keep state label "allow access to DHCP server"
194
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
195
  [ Inserted: pid 96025 State Creations: 18446735277707866288]
196
@63(1000002643) pass out quick on em1 inet proto udp from 192.168.31.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
197
  [ Evaluations: 40        Packets: 0         Bytes: 0           States: 0     ]
198
  [ Inserted: pid 96025 State Creations: 18446735277707866264]
199
@64(1000002661) pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
200
  [ Evaluations: 81        Packets: 8         Bytes: 536         States: 0     ]
201
  [ Inserted: pid 96025 State Creations: 18446735277707866240]
202
@65(1000002662) pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
203
  [ Evaluations: 12        Packets: 0         Bytes: 0           States: 0     ]
204
  [ Inserted: pid 96025 State Creations: 18446735277707866216]
205
@66(1000002663) pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
206
  [ Evaluations: 12        Packets: 0         Bytes: 0           States: 0     ]
207
  [ Inserted: pid 96025 State Creations: 18446735277707866192]
208
@67(1000002664) pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
209
  [ Evaluations: 6         Packets: 0         Bytes: 0           States: 0     ]
210
  [ Inserted: pid 96025 State Creations: 18446735277707866168]
211
@68(1000002665) pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
212
  [ Evaluations: 81        Packets: 70        Bytes: 5309        States: 0     ]
213
  [ Inserted: pid 96025 State Creations: 18446735277707866144]
214
@69(1000002666) pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
215
  [ Evaluations: 36        Packets: 0         Bytes: 0           States: 0     ]
216
  [ Inserted: pid 96025 State Creations: 18446735277707866120]
217
@70(1000002761) pass out route-to (em0 192.0.2.1) inet from 192.0.2.100 to ! 192.0.2.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
218
  [ Evaluations: 36        Packets: 166       Bytes: 49657       States: 5     ]
219
  [ Inserted: pid 96025 State Creations: 18446735277697913840]
220
@71(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = https flags S/SA keep state label "anti-lockout rule"
221
  [ Evaluations: 81        Packets: 0         Bytes: 0           States: 0     ]
222
  [ Inserted: pid 96025 State Creations: 18446735277697913816]
223
@72(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = http flags S/SA keep state label "anti-lockout rule"
224
  [ Evaluations: 60        Packets: 0         Bytes: 0           States: 0     ]
225
  [ Inserted: pid 96025 State Creations: 18446735277697913792]
226
@73(1000003071) pass in quick on em1 proto tcp from any to (em1:3) port = ssh flags S/SA keep state label "anti-lockout rule"
227
  [ Evaluations: 60        Packets: 0         Bytes: 0           States: 0     ]
228
  [ Inserted: pid 96025 State Creations: 18446735277697913768]
229
@74(0) anchor "userrules/*" all
230
  [ Evaluations: 21        Packets: 0         Bytes: 0           States: 0     ]
231
  [ Inserted: pid 96025 State Creations: 18446735277697913744]
232
@75(0) pass in quick on em1 inet from 192.168.31.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
233
  [ Evaluations: 21        Packets: 139       Bytes: 42980       States: 4     ]
234
  [ Inserted: pid 96025 State Creations: 18446735277697913720]
235
@76(0) pass in quick on em0 reply-to (em0 192.0.2.1) inet all flags S/SA keep state label "USER_RULE: Allow all ipv4 via pfSsh.php"
236
  [ Evaluations: 15        Packets: 0         Bytes: 0           States: 0     ]
237
  [ Inserted: pid 96025 State Creations: 18446735277697913696]
238
@77(0) pass in quick on em0 inet6 all flags S/SA keep state label "USER_RULE: Allow all ipv6 via pfSsh.php"
239
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
240
  [ Inserted: pid 96025 State Creations: 18446735277697913672]
241
@78(0) anchor "tftp-proxy/*" all
242
  [ Evaluations: 15        Packets: 0         Bytes: 0           States: 0     ]
243
  [ Inserted: pid 96025 State Creations: 18446735277697913648]