TRANSLATION RULES:
# Loaded translation (NAT/RDR) rules as printed by pf.
# CARP is exempted from source NAT.
no nat proto carp all
# Anchor contents are loaded separately and are not shown in this listing.
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
# Outbound NAT on em0. Each source gets a pair of rules: the first keeps the
# original source port for traffic to port isakmp (static-port), the second
# rewrites the source port into 1024:65535. Translation rules are first-match,
# so the isakmp rule has to stay ahead of the general one for the same source.
# Source 127.0.0.0/8 (IPv4 loopback), translated to 192.168.254.26.
nat on em0 inet from 127.0.0.0/8 to any port = isakmp -> 192.168.254.26 static-port
nat on em0 inet from 127.0.0.0/8 to any -> 192.168.254.26 port 1024:65535
# Source ::1 (IPv6 loopback), translated to the address(es) configured on em0.
nat on em0 inet6 from ::1 to any port = isakmp -> (em0) round-robin static-port
nat on em0 inet6 from ::1 to any -> (em0) port 1024:65535 round-robin
# Source 192.168.253.0/24, translated to 192.168.254.26.
nat on em0 inet from 192.168.253.0/24 to any port = isakmp -> 192.168.254.26 static-port
nat on em0 inet from 192.168.253.0/24 to any -> 192.168.254.26 port 1024:65535
# Single source host 10.15.0.1, translated to 192.168.254.26.
nat on em0 inet from 10.15.0.1 to any port = isakmp -> 192.168.254.26 static-port
nat on em0 inet from 10.15.0.1 to any -> 192.168.254.26 port 1024:65535
# CARP is exempted from redirection as well; the tftp-proxy anchor contents
# are not shown in this listing.
no rdr proto carp all
rdr-anchor "tftp-proxy/*" all

FILTER RULES:
# Normalization: traffic to or from <vpn_networks> is matched with
# "fragment no reassemble"; everything else on em0 has fragments reassembled.
scrub from any to <vpn_networks> fragment no reassemble
scrub from <vpn_networks> to any fragment no reassemble
scrub on em0 inet all fragment reassemble
scrub on em0 inet6 all fragment reassemble
# Anchor contents are loaded separately and are not shown in this listing, so
# any rules inside them have to be reviewed on their own.
anchor "openvpn/*" all
anchor "ipsec/*" all
# Quick, logged drops: IPv6 to the <_nat64reserved_> table (both directions)
# and inbound IPv4 with a link-local (169.254.0.0/16) source or destination.
block drop in log quick inet6 from any to <_nat64reserved_> label "descr=Block NAT64 for non-global IPv4" ridentifier 1000000001
block drop out log quick inet6 from any to <_nat64reserved_> label "descr=Block NAT64 for non-global IPv4" ridentifier 1000000002
block drop in log quick inet from 169.254.0.0/16 to any label "descr=Block IPv4 link-local" ridentifier 1000000101
block drop in log quick inet from any to 169.254.0.0/16 label "descr=Block IPv4 link-local" ridentifier 1000000102
# Default deny for IPv4 and IPv6 in both directions, logged. These rules are
# NOT quick: pf lets the last matching rule decide, so any pass rule further
# down that matches a packet overrides them. They only decide for traffic
# that nothing later matches.
block drop in log inet all label "descr=Default deny rule IPv4" label "tags=ruleset:ceb692a014de1297" ridentifier 1000000103
block drop out log inet all label "descr=Default deny rule IPv4" label "tags=ruleset:ceb692a014de1297" ridentifier 1000000104
block drop in log inet6 all label "descr=Default deny rule IPv6" label "tags=ruleset:ceb692a014de1297" ridentifier 1000000105
block drop out log inet6 all label "descr=Default deny rule IPv6" label "tags=ruleset:ceb692a014de1297" ridentifier 1000000106
# ICMPv6 needed for basic IPv6 operation. All rules here are quick and keep
# interface-bound state.
# Any direction, any source/destination: unreachable, packet-too-big and
# neighbor solicitation/advertisement.
pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000107
pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000107
pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000107
pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000107
# Outbound, link-local (fe80::/10) to link-local: echo reply, router
# solicitation/advertisement, neighbor solicitation/advertisement.
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000108
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000108
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000108
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000108
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000108
# Outbound, link-local to multicast ff02::/16: same five message types.
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000109
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000109
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000109
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000109
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000109
# Inbound, link-local to link-local: echo request, router
# solicitation/advertisement, neighbor solicitation/advertisement.
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000110
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000110
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000110
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000110
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000110
# Inbound, source in ff02::/16 to link-local: same five message types.
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000111
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000111
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000111
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000111
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000111
# Inbound, link-local to multicast ff02::/16: same five message types.
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000112
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000112
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000112
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000112
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000112
# Inbound, unspecified source (::) to multicast ff02::/16: same five types.
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type echoreq keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000113
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000113
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000113
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000113
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state (if-bound) label "descr=ICMPv6 operation" ridentifier 1000000113
# Quick, logged drops of TCP/UDP with source or destination port 0, for IPv4
# and IPv6.
block drop log quick inet proto tcp from any port = 0 to any label "descr=Block traffic from port 0" ridentifier 1000000114
block drop log quick inet proto udp from any port = 0 to any label "descr=Block traffic from port 0" ridentifier 1000000114
block drop log quick inet proto tcp from any to any port = 0 label "descr=Block traffic to port 0" ridentifier 1000000115
block drop log quick inet proto udp from any to any port = 0 label "descr=Block traffic to port 0" ridentifier 1000000115
block drop log quick inet6 proto tcp from any port = 0 to any label "descr=Block traffic from port 0" ridentifier 1000000116
block drop log quick inet6 proto udp from any port = 0 to any label "descr=Block traffic from port 0" ridentifier 1000000116
block drop log quick inet6 proto tcp from any to any port = 0 label "descr=Block traffic to port 0" ridentifier 1000000117
block drop log quick inet6 proto udp from any to any port = 0 label "descr=Block traffic to port 0" ridentifier 1000000117
# Addresses in the <snort2c> table are dropped in both directions.
block drop log quick from <snort2c> to any label "descr=Block snort2c hosts" ridentifier 1000000118
block drop log quick from any to <snort2c> label "descr=Block snort2c hosts" ridentifier 1000000119
# CARP: inbound CARP claiming one of the firewall's own addresses as source is
# dropped; all other CARP is passed without state.
block drop in log quick proto carp from (self) to any label "descr=CARP operation" ridentifier 1000000201
pass quick proto carp all no state label "descr=CARP operation" ridentifier 1000000202
# Sources in the <sshguard> table are blocked from ssh and https on the
# firewall itself; sources in <virusprot> are blocked inbound entirely.
# These are quick, so they apply before any later pass rule.
block drop in log quick proto tcp from <sshguard> to (self) port = ssh label "descr=sshguard" ridentifier 1000000301
block drop in log quick proto tcp from <sshguard> to (self) port = https label "descr=GUI Lockout" ridentifier 1000000351
block drop in log quick from <virusprot> to any label "descr=virusprot overload table" ridentifier 1000000400
# DHCP client on em0. Replies accepted inbound are tagged dhcpin, and the
# block rule drops any packet carrying that tag on the way out, so a reply
# received on em0 is not forwarded to another network.
block drop out quick proto udp from any port = bootps to any port = bootpc label "descr=Prevent routing dhcp responses" ridentifier 1000000451 tagged dhcpin
pass in quick on em0 proto udp from any port = bootps to any port = bootpc no state label "descr=allow dhcp replies in WAN" ridentifier 1000000461 tag dhcpin
pass out quick on em0 proto udp from any port = bootpc to any port = bootps no state label "descr=allow dhcp client out WAN" ridentifier 1000000462
# DHCPv6 client on em0, in and out, with interface-bound state.
pass in quick on em0 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state (if-bound) label "descr=allow dhcpv6 client in WAN" ridentifier 1000000463
pass in quick on em0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state (if-bound) label "descr=allow dhcpv6 client in WAN" ridentifier 1000000464
pass out quick on em0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state (if-bound) label "descr=allow dhcpv6 client out WAN" ridentifier 1000000465
# Antispoof. The first three rules drop packets that arrive on any interface
# other than em0 with a source inside 192.168.254.0/24; the remaining rules
# drop inbound packets whose source is fe80::a00:27ff:feba:b855 (on em0) or
# 192.168.254.26/.33/.34 (presumably the firewall's own addresses - confirm).
# NOTE(review): none of these rules is quick, so a later matching pass rule
# overrides them. The quick "pass in ... on em0 ... inet all" user rule near
# the end of this ruleset matches IPv4 arriving on em0, which means the three
# IPv4 own-address rules do not decide for that traffic - confirm intended.
block drop in log on ! em0 inet from 192.168.254.0/24 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log on ! em0 inet from 192.168.254.33 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log on ! em0 inet from 192.168.254.34 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log on em0 inet6 from fe80::a00:27ff:feba:b855 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log inet from 192.168.254.26 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log inet from 192.168.254.33 to any label "descr=antispoof protection" ridentifier 1000001471
block drop in log inet from 192.168.254.34 to any label "descr=antispoof protection" ridentifier 1000001471
# Loopback traffic is passed in both directions for IPv4 and IPv6.
pass in on lo0 inet all flags S/SA keep state (if-bound) label "descr=pass IPv4 loopback" ridentifier 1000003611
pass out on lo0 inet all flags S/SA keep state (if-bound) label "descr=pass IPv4 loopback" ridentifier 1000003612
pass in on lo0 inet6 all flags S/SA keep state (if-bound) label "descr=pass IPv6 loopback" ridentifier 1000003613
pass out on lo0 inet6 all flags S/SA keep state (if-bound) label "descr=pass IPv6 loopback" ridentifier 1000003614
# Outbound pass for IPv4 and IPv6 on every interface, IP options allowed.
# The labels describe this as traffic from the firewall itself, but the rules
# carry no source restriction; filtering therefore depends on the inbound side.
pass out inet all flags S/SA keep state (if-bound) allow-opts label "descr=let out anything IPv4 from firewall host itself" ridentifier 1000003615
pass out inet6 all flags S/SA keep state (if-bound) allow-opts label "descr=let out anything IPv6 from firewall host itself" ridentifier 1000003616
# Traffic sourced from 192.168.254.26/.33/.34 to destinations outside
# 192.168.254.0/24 is forced out em0 via gateway 192.168.254.10 (route-to).
pass out route-to (em0 192.168.254.10) inet from 192.168.254.26 to ! 192.168.254.0/24 flags S/SA keep state (if-bound) allow-opts label "descr=let out anything from firewall host itself" ridentifier 1000003711
pass out route-to (em0 192.168.254.10) inet from 192.168.254.33 to ! 192.168.254.0/24 flags S/SA keep state (if-bound) allow-opts label "descr=let out anything from firewall host itself" ridentifier 1000003712
pass out route-to (em0 192.168.254.10) inet from 192.168.254.34 to ! 192.168.254.0/24 flags S/SA keep state (if-bound) allow-opts label "descr=let out anything from firewall host itself" ridentifier 1000003713
# Outbound on the IPsec interfaces enc0 and ipsec1. Unlike the rules above,
# these keep state without (if-bound).
pass out on enc0 all flags S/SA keep state label "descr=IPsec internal host to host" ridentifier 1000004012
pass out on ipsec1 all flags S/SA keep state label "descr=IPsec VTI floating states" ridentifier 1000004013
# Anchor contents are not shown in this listing.
anchor "userrules/*" all
# NOTE(review): user rule (tags=user_rule). It passes every inbound IPv4
# packet on em0 - any source, any destination, any protocol; for TCP the
# initial SYN (flags S/SA) - and it is quick. The non-quick default-deny and
# antispoof blocks earlier in the ruleset therefore never decide for IPv4
# arriving on em0; only the earlier quick blocks (link-local, port 0,
# snort2c, CARP-from-self, sshguard, virusprot) still apply. Other labels in
# this ruleset call em0 the WAN. If that network is not fully trusted,
# restrict this rule to the sources, destinations and ports actually needed.
# With this rule in place the explicit inbound IPsec passes below are
# redundant for em0.
pass in quick on em0 reply-to (em0 192.168.254.10) inet all flags S/SA keep state (if-bound) label "id=1778676401" label "tags=user_rule" ridentifier 1778676401
# IPsec peer 192.168.254.21: IKE (udp isakmp), NAT-T (udp ipsec-nat-t) and ESP
# are passed outbound from the firewall and inbound on em0 to the firewall.
# Sources are pinned to the single peer address.
pass out inet proto udp from (self) to 192.168.254.21 port = isakmp keep state (if-bound) label "descr=IPsec: 192.168.254.21 - outbound isakmp" ridentifier 1000104151
pass in on em0 inet proto udp from 192.168.254.21 to (self) port = isakmp keep state (if-bound) label "descr=IPsec: 192.168.254.21 - inbound isakmp" ridentifier 1000104152
pass out inet proto udp from (self) to 192.168.254.21 port = ipsec-nat-t keep state (if-bound) label "descr=IPsec: 192.168.254.21 - outbound nat-t" ridentifier 1000104153
pass in on em0 inet proto udp from 192.168.254.21 to (self) port = ipsec-nat-t keep state (if-bound) label "descr=IPsec: 192.168.254.21 - inbound nat-t" ridentifier 1000104154
pass out inet proto esp from (self) to 192.168.254.21 keep state (if-bound) label "descr=IPsec: 192.168.254.21 - outbound esp proto" ridentifier 1000104155
pass in on em0 inet proto esp from 192.168.254.21 to (self) keep state (if-bound) label "descr=IPsec: 192.168.254.21 - inbound esp proto" ridentifier 1000104156
# Anchor contents are not shown in this listing.
anchor "tftp-proxy/*" all
No queue in use

STATES:
all pfsync 192.168.254.26 <- 192.168.254.25       NO_TRAFFIC:SINGLE
all tcp 192.168.254.26:443 <- 192.168.254.20:36050       ESTABLISHED:ESTABLISHED
em0 icmp 192.168.254.26:31652 -> 192.168.254.10:8       0:0
all icmp 10.15.0.2:32156 -> 10.15.0.1:8       0:0
em0 udp 192.168.254.26:123 -> 195.28.27.26:123       MULTIPLE:SINGLE
em0 udp 192.168.254.26:123 -> 85.254.217.2:123       MULTIPLE:SINGLE
lo0 udp ff02::1:2[547] <- fe80::a00:27ff:feba:b855[546]       NO_TRAFFIC:SINGLE
em0 udp fe80::a00:27ff:feba:b855[546] -> ff02::1:2[547]       SINGLE:NO_TRAFFIC

INFO:
Status: Enabled for 0 days 00:34:15           Debug: Urgent

Interface Stats for em0               IPv4             IPv6
  Bytes In                               0                0
  Bytes Out                              0                0
  Packets In
    Passed                           13317                0
    Blocked                              5                2
  Packets Out
    Passed                            9913               43
    Blocked                              0                0

State Table                          Total             Rate
  current entries                        8               
  searches                           29061           14.1/s
  inserts                              579            0.3/s
  removals                             571            0.3/s
Counters
  match                               5124            2.5/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                             77            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  map-failed                             0            0.0/s
  translate                              0            0.0/s

LABEL COUNTERS:
descr=Block NAT64 for non-global IPv4 5124 0 0 0 0 0 0 0
descr=Block NAT64 for non-global IPv4 1025 0 0 0 0 0 0 0
descr=Block IPv4 link-local 5124 0 0 0 0 0 0 0
descr=Block IPv4 link-local 4073 0 0 0 0 0 0 0
descr=Default deny rule IPv4 tags=ruleset:ceb692a014de1297 897 0 0 0 0 0 0 0
descr=Default deny rule IPv4 tags=ruleset:ceb692a014de1297 927 0 0 0 0 0 0 0
descr=Default deny rule IPv6 tags=ruleset:ceb692a014de1297 933 0 0 0 0 0 0 0
descr=Default deny rule IPv6 tags=ruleset:ceb692a014de1297 36 0 0 0 0 0 0 0
descr=ICMPv6 operation 72 0 0 0 0 0 0 0
descr=ICMPv6 operation 29 0 0 0 0 0 0 0
descr=ICMPv6 operation 29 18 1296 0 0 18 1296 0
descr=ICMPv6 operation 16 0 0 0 0 0 0 0
descr=ICMPv6 operation 16 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 12 0 0 0 0 0 0 0
descr=ICMPv6 operation 12 3 168 0 0 3 168 0
descr=ICMPv6 operation 9 0 0 0 0 0 0 0
descr=ICMPv6 operation 9 0 0 0 0 0 0 0
descr=ICMPv6 operation 9 0 0 0 0 0 0 0
descr=ICMPv6 operation 13 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 4 0 0 0 0 0 0 0
descr=ICMPv6 operation 4 3 168 3 168 0 0 0
descr=ICMPv6 operation 1 0 0 0 0 0 0 0
descr=ICMPv6 operation 1 0 0 0 0 0 0 0
descr=ICMPv6 operation 1 0 0 0 0 0 0 0
descr=ICMPv6 operation 1 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=ICMPv6 operation 0 0 0 0 0 0 0 0
descr=Block traffic from port 0 5105 0 0 0 0 0 0 0
descr=Block traffic from port 0 4965 0 0 0 0 0 0 0
descr=Block traffic to port 0 5052 0 0 0 0 0 0 0
descr=Block traffic to port 0 4965 0 0 0 0 0 0 0
descr=Block traffic from port 0 5105 0 0 0 0 0 0 0
descr=Block traffic from port 0 53 0 0 0 0 0 0 0
descr=Block traffic to port 0 53 0 0 0 0 0 0 0
descr=Block traffic to port 0 53 0 0 0 0 0 0 0
descr=Block snort2c hosts 5105 0 0 0 0 0 0 0
descr=Block snort2c hosts 5105 0 0 0 0 0 0 0
descr=CARP operation 5105 0 0 0 0 0 0 0
descr=CARP operation 4963 4526 253456 3954 221424 572 32032 0
descr=sshguard 579 0 0 0 0 0 0 0
descr=GUI Lockout 0 0 0 0 0 0 0 0
descr=virusprot overload table 142 0 0 0 0 0 0 0
descr=Prevent routing dhcp responses 579 0 0 0 0 0 0 0
descr=allow dhcp replies in WAN 142 4 1288 4 1288 0 0 0
descr=allow dhcp client out WAN 351 0 0 0 0 0 0 0
descr=allow dhcpv6 client in WAN 319 0 0 0 0 0 0 0
descr=allow dhcpv6 client in WAN 9 0 0 0 0 0 0 0
descr=allow dhcpv6 client out WAN 319 20 2320 0 0 20 2320 6
descr=antispoof protection 87 0 0 0 0 0 0 0
descr=antispoof protection 5 0 0 0 0 0 0 0
descr=antispoof protection 5 0 0 0 0 0 0 0
descr=antispoof protection 74 0 0 0 0 0 0 0
descr=antispoof protection 21 0 0 0 0 0 0 0
descr=antispoof protection 13 0 0 0 0 0 0 0
descr=antispoof protection 13 0 0 0 0 0 0 0
descr=pass IPv4 loopback 146 178 32635 91 14545 87 18090 1
descr=pass IPv4 loopback 444 0 0 0 0 0 0 0
descr=pass IPv6 loopback 139 24 2672 22 2496 2 176 6
descr=pass IPv6 loopback 80 0 0 0 0 0 0 0
descr=let out anything IPv4 from firewall host itself 530 1626 75049 809 39281 817 35768 1
descr=let out anything IPv6 from firewall host itself 418 6 524 2 176 4 348 0
descr=let out anything from firewall host itself 66 88 22565 43 19517 45 3048 22
descr=let out anything from firewall host itself 57 0 0 0 0 0 0 0
descr=let out anything from firewall host itself 57 0 0 0 0 0 0 0
descr=IPsec internal host to host 418 0 0 0 0 0 0 0
descr=IPsec VTI floating states 418 777 23357 0 0 777 23357 1
id=1778676401 tags=user_rule 87 451 231728 206 88916 245 142812 0
descr=IPsec: 192.168.254.21 - outbound isakmp 63 7 2060 3 940 4 1120 0
descr=IPsec: 192.168.254.21 - inbound isakmp 49 0 0 0 0 0 0 0
descr=IPsec: 192.168.254.21 - outbound nat-t 49 0 0 0 0 0 0 0
descr=IPsec: 192.168.254.21 - inbound nat-t 48 0 0 0 0 0 0 0
descr=IPsec: 192.168.254.21 - outbound esp proto 61 45 3868 0 0 45 3868 0
descr=IPsec: 192.168.254.21 - inbound esp proto 12 0 0 0 0 0 0 0

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
sctp.first                  120s
sctp.opening                 30s
sctp.established          86400s
sctp.closing                900s
sctp.closed                  90s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         60s
interval                     10s
adaptive.start           240600 states
adaptive.end             481200 states
src.track                     0s

LIMITS:
states        hard limit   401000
src-nodes     hard limit   401000
frags         hard limit     5000
table-entries hard limit   400000
anchors       hard limit      512
eth-anchors   hard limit        0

STATE LIMITERS:
 ID      USE/LIMIT     RATE/SECS     ADMIT  HARDLIM  RATELIM

SOURCE LIMITERS:
 ID      USE/ADDRS    LIMIT  RATE/SECS     ADMIT  ADDRLIM  HARDLIM  RATELIM

TABLES:
ENC0__NETWORK
WAN__NETWORK
WIREGUARD__NETWORK
_nat64reserved_
bogons
snort2c
sshguard
virusprot
vpn_networks

OS FINGERPRINTS:
762 fingerprints loaded
