

pfTop: Up Rule 1-134/134, View: rules
RULE  ACTION   DIR LOG Q IF     PR        K     PKTS    BYTES   STATES   MAX INFO                                                                     
   0  Pass     Any                                 0        0        0       all                                                                      
   1  Pass     Any                                 0        0        0       all                                                                      
   2  Block    In  Log Q                           8      666        0       drop inet from 169.254.0.0/16 to any                                     
   3  Block    In  Log Q                           0        0        0       drop inet from any to 169.254.0.0/16                                     
   4  Block    In  Log                           469    68770        0       drop inet all                                                            
   5  Block    Out Log                            20     4053        0       drop inet all                                                            
   6  Block    In  Log                             9      712        0       drop inet6 all                                                           
   7  Block    Out Log                             0        0        0       drop inet6 all                                                           
   8  Pass     Any     Q        ipv6-icmp K        0        0        0       inet6 all                                                                
   9  Pass     Any     Q        ipv6-icmp K        0        0        0       inet6 all                                                                
  10  Pass     Any     Q        ipv6-icmp K       37     2664        0       inet6 all                                                                
  11  Pass     Any     Q        ipv6-icmp K        2      144        0       inet6 all                                                                
  12  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  13  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  14  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  15  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  16  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  17  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  18  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  19  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  20  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  21  Pass     Out     Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  22  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  23  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  24  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  25  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  26  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to fe80::/10                                        
  27  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ff02::/16 to fe80::/10                                        
  28  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ff02::/16 to fe80::/10                                        
  29  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ff02::/16 to fe80::/10                                        
  30  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ff02::/16 to fe80::/10                                        
  31  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ff02::/16 to fe80::/10                                        
  32  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  33  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  34  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  35  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  36  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from fe80::/10 to ff02::/16                                        
  37  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ::/128 to ff02::/16                                           
  38  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ::/128 to ff02::/16                                           
  39  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ::/128 to ff02::/16                                           
  40  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ::/128 to ff02::/16                                           
  41  Pass     In      Q        ipv6-icmp K        0        0        0       inet6 from ::/128 to ff02::/16                                           
  42  Block    Any Log Q        tcp                0        0        0       drop inet from any port = 0 to any                                       
  43  Block    Any Log Q        udp                0        0        0       drop inet from any port = 0 to any                                       
  44  Block    Any Log Q        tcp                0        0        0       drop inet from any to any port = 0                                       
  45  Block    Any Log Q        udp                0        0        0       drop inet from any to any port = 0                                       
  46  Block    Any Log Q        tcp                0        0        0       drop inet6 from any port = 0 to any                                      
  47  Block    Any Log Q        udp                0        0        0       drop inet6 from any port = 0 to any                                      
  48  Block    Any Log Q        tcp                0        0        0       drop inet6 from any to any port = 0                                      
  49  Block    Any Log Q        udp                0        0        0       drop inet6 from any to any port = 0                                      
  50  Block    Any Log Q                           0        0        0       drop from <snort2c> to any                                               
  51  Block    Any Log Q                           0        0        0       drop from any to <snort2c>                                               
  52  Block    In  Log Q        carp               0        0        0       drop from (self) to any                                                  
  53  Pass     Any     Q        carp           55181  3090136        0       all                                                                      
  54  Block    In  Log Q        tcp                0        0        0       drop from <sshguard> to (self) port = ssh                                
  55  Block    In  Log Q        tcp                0        0        0       drop from <sshguard> to (self) port = https                              
  56  Block    In  Log Q                           0        0        0       drop from <virusprot> to any                                             
  57  Pass     In      Q ix3    udp       K        2      656        0       from any port = bootps to any port = bootpc                              
  58  Pass     Out     Q ix3    udp       K       30     9840        0       from any port = bootpc to any port = bootps                              
  59  Block    In  Log   !ix3                      0        0        0       drop inet from 172.21.56.0/24 to any                                     
  60  Block    In  Log   !ix3                      0        0        0       drop inet from 192.168.52.11/32 to any                                   
  61  Block    In  Log   !ix3                      0        0        0       drop inet from 192.168.254.12/32 to any                                  
  62  Block    In  Log                             0        0        0       drop inet from 172.21.56.155/32 to any                                   
  63  Block    In  Log                             0        0        0       drop inet from 192.168.52.11/32 to any                                   
  64  Block    In  Log                             0        0        0       drop inet from 192.168.254.12/32 to any                                  
  65  Block    In  Log   !ix3                      0        0        0       drop inet6 from aa::/128 to any                                          
  66  Block    In  Log                             0        0        0       drop inet6 from aa::/128 to any                                          
  67  Block    In  Log   ix3                       0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13ea/128 to any                     
  68  Block    In  Log   !igc0                     0        0        0       drop inet from 192.168.254.0/24 to any                                   
  69  Block    In  Log                             0        0        0       drop inet from 192.168.254.10/32 to any                                  
  70  Block    In  Log                             0        0        0       drop inet from 192.168.254.11/32 to any                                  
  71  Block    In  Log   igc0                      0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13ee/128 to any                     
  72  Pass     In      Q igc0   udp       K        5     1750        0       inet from any port = bootpc to 255.255.255.255/32 port = bootps          
  73  Pass     In      Q igc0   udp       K        5     1720        0       inet from any port = bootpc to 192.168.254.10/32 port = bootps           
  74  Pass     Out     Q igc0   udp       K        0        0        0       inet from 192.168.254.10/32 port = bootps to any port = bootpc           
  75  Block    In  Log   !ix2                      0        0        0       drop inet from 192.168.72.0/30 to any                                    
  76  Block    In  Log                             0        0        0       drop inet from 192.168.72.2/32 to any                                    
  77  Block    In  Log   ix2                       0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13eb/128 to any                     
  78  Block    In  Log   !igc1                     0        0        0       drop inet from 192.168.200.0/24 to any                                   
  79  Block    In  Log                             0        0        0       drop inet from 192.168.200.1/32 to any                                   
  80  Block    In  Log   igc1                      0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13ef/128 to any                     
  81  Pass     In      Q igc1   udp       K        0        0        0       inet from any port = bootpc to 255.255.255.255/32 port = bootps          
  82  Pass     In      Q igc1   udp       K        0        0        0       inet from any port = bootpc to 192.168.200.1/32 port = bootps            
  83  Pass     Out     Q igc1   udp       K        0        0        0       inet from 192.168.200.1/32 port = bootps to any port = bootpc            
  84  Block    In  Log   !igc3                     0        0        0       drop inet from 172.16.4.0/24 to any                                      
  85  Block    In  Log                             0        0        0       drop inet from 172.16.4.1/32 to any                                      
  86  Block    In  Log   igc3                      0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13f1/128 to any                     
  87  Pass     In      Q igc3   udp       K        4     1372        0       inet from any port = bootpc to 255.255.255.255/32 port = bootps          
  88  Pass     In      Q igc3   udp       K        3     1032        0       inet from any port = bootpc to 172.16.4.1/32 port = bootps               
  89  Pass     Out     Q igc3   udp       K        0        0        0       inet from 172.16.4.1/32 port = bootps to any port = bootpc               
  90  Block    In  Log   !ipsec                    0        0        0       drop inet from 10.0.7.0/30 to any                                        
  91  Block    In  Log                             0        0        0       drop inet from 10.0.7.1/32 to any                                        
  92  Block    In  Log   ipsec1                    0        0        0       drop inet6 from fe80::92ec:77ff:fe1d:13ee/128 to any                     
  93  Pass     In        lo0              K     4094   544247       28       inet all  flags S/SA                                                     
  94  Pass     Out       lo0              K        0        0        0       inet all  flags S/SA                                                     
  95  Pass     In        lo0              K      422    45676        0       inet6 all  flags S/SA                                                    
  96  Pass     Out       lo0              K        0        0        0       inet6 all  flags S/SA                                                    
  97  Pass     Out                        K    17877 11944840       33       inet all  flags S/SA allow-opts                                          
  98  Pass     Out                        K      533    55592        0       inet6 all  flags S/SA allow-opts                                         
  99  Pass     Out                        K     9648  2553719     1315       route-to ... inet from 172.21.56.155/32 to ! 172.21.56.0/24  flags S/SA a
 100  Pass     Out                        K        0        0        0       route-to ... inet from 192.168.52.11/32 to ! 192.168.52.11/32  flags S/SA
 101  Pass     Out                        K        0        0        0       route-to ... inet from 192.168.254.12/32 to ! 192.168.254.12/32  flags S/
 102  Pass     Out                        K        0        0        0       inet from 10.0.7.1/32 to ! 10.0.7.0/30  flags S/SA allow-opts            
 103  Pass     Out       enc0             K        0        0        0       all  flags S/SA                                                          
 104  Pass     In      Q igc0   tcp       K      708   535371        0       from any to (igc0) port = https  flags S/SA                              
 105  Pass     In      Q igc0   tcp       K        0        0        0       from any to (igc0) port = http  flags S/SA                               
 106  Pass     In      Q igc0   tcp       K        0        0        0       from any to (igc0) port = ssh  flags S/SA                                
 107  Pass     In                         K        0        0        0       inet from any to any port  flags S/SA tagged PFREFLECT                   
 108  Pass     Any                                 0        0        0       all                                                                      
 109  Block    In  Log Q enc0                      0        0        0       drop inet all                                                            
 110  Pass     In      Q openvp           K        0        0        0       inet all  flags S/SA                                                     
 111  Pass     In      Q openvp           K        0        0        0       inet all  flags S/SA                                                     
 112  Pass     In      Q ix3              K        0        0        0       reply-to ... inet all  flags S/SA                                        
 113  Pass     In      Q ix3    udp       K        0        0        0       reply-to ... inet from any to 172.21.56.155/32 port = openvpn            
 114  Pass     In      Q ix3    icmp      K        0        0        0       reply-to ... inet from any to 192.168.200.10/32                          
 115  Pass     In      Q ix3    udp       K        0        0        0       reply-to ... inet from any to 172.21.56.155/32 port = openvpn            
 116  Pass     In      Q igc0   tcp       K        0        0        0       inet from any to <fqdn_test>  flags S/SA                                 
 117  Pass     In      Q igc0             K  1386580 1301948K       60       inet from <LAN__NETWORK> to any  flags S/SA                              
 118  Pass     In      Q igc1             K        0        0        0       inet all  flags S/SA                                                     
 119  Pass     In      Q igc3             K   404596  211298K      397       inet all  flags S/SA                                                     
 120  Pass     In      Q ipsec1 icmp      K        0        0        0       reply-to ... inet from 10.0.8.2/32 to 10.0.7.1/32                        
 121  Pass     Out              udp       K        2      984        0       inet from (self) to 192.168.254.2/32 port = isakmp                       
 122  Pass     In        igc0   udp       K        0        0        0       inet from 192.168.254.2/32 to (self) port = isakmp                       
 123  Pass     Out              udp       K        0        0        0       inet from (self) to 192.168.254.2/32 port = ipsec-nat-t  tag ZZZZZZZZZZZZ
 124  Pass     In        igc0   udp       K        0        0        0       inet from 192.168.254.2/32 to (self) port = ipsec-nat-t                  
 125  Pass     Out              esp       K        0        0        0       inet from (self) to 192.168.254.2/32                                     
 126  Pass     In        igc0   esp       K        0        0        0       inet from 192.168.254.2/32 to (self)                                     
 127  Pass     Out              udp       K        2      984        1       route-to ... inet from (self) to 1.1.1.1/32 port = isakmp                
 128  Pass     In        ix3    udp       K        0        0        0       reply-to ... inet from 1.1.1.1/32 to (self) port = isakmp                
 129  Pass     Out              udp       K        0        0        0       route-to ... inet from (self) to 1.1.1.1/32 port = ipsec-nat-t           
 130  Pass     In        ix3    udp       K        0        0        0       reply-to ... inet from 1.1.1.1/32 to (self) port = ipsec-nat-t           
 131  Pass     Out              esp       K        0        0        0       route-to ... inet from (self) to 1.1.1.1/32                              
 132  Pass     In        ix3    esp       K        0        0        0       reply-to ... inet from 1.1.1.1/32 to (self)                              
 133  Pass     Any                                 0        0        0       all                                                                      
