

pfTop: Up Rule 1-60/60, View: rules
RULE  ACTION   DIR LOG Q IF     PR        K     PKTS    BYTES   STATES   MAX INFO                                                                     
   0  Pass     Any                                 0        0        0       all                                                                      
   1  Pass     Any                                 0        0        0       all                                                                      
   2  Pass     In      Q lo0              K       23     2488        6       inet6 all  flags S/SA                                                    
   3  Pass     Out     Q lo0              K        0        0        0       inet6 all  flags S/SA                                                    
   4  Block    In  Log Q                          46     4748        0       drop inet6 all                                                           
   5  Block    Out Log Q                          95     8676        0       drop inet6 all                                                           
   6  Block    In  Log Q                           0        0        0       drop inet6 from any to <_nat64reserved_>                                 
   7  Block    Out Log Q                           0        0        0       drop inet6 from any to <_nat64reserved_>                                 
   8  Block    In  Log Q                           0        0        0       drop inet from 169.254.0.0/16 to any                                     
   9  Block    In  Log Q                           0        0        0       drop inet from any to 169.254.0.0/16                                     
  10  Block    In  Log                             0        0        0       drop inet all                                                            
  11  Block    Out Log                             0        0        0       drop inet all                                                            
  12  Block    In  Log                             0        0        0       drop inet6 all                                                           
  13  Block    Out Log                             0        0        0       drop inet6 all                                                           
  14  Block    Any Log Q        tcp                0        0        0       drop inet from any port = 0 to any                                       
  15  Block    Any Log Q        udp                0        0        0       drop inet from any port = 0 to any                                       
  16  Block    Any Log Q        tcp                0        0        0       drop inet from any to any port = 0                                       
  17  Block    Any Log Q        udp                0        0        0       drop inet from any to any port = 0                                       
  18  Block    Any Log Q                           0        0        0       drop from <snort2c> to any                                               
  19  Block    Any Log Q                           0        0        0       drop from any to <snort2c>                                               
  20  Block    In  Log Q        carp               0        0        0       drop from (self) to any                                                  
  21  Pass     Any     Q        carp            4509   252504        0       all                                                                      
  22  Block    In  Log Q        tcp                0        0        0       drop from <sshguard> to (self) port = ssh                                
  23  Block    In  Log Q        tcp                0        0        0       drop from <sshguard> to (self) port = https                              
  24  Block    In  Log Q                           0        0        0       drop from <virusprot> to any                                             
  25  Block    Out     Q        udp                1      322        0       drop from any port = bootps to any port = bootpc  tagged dhcpin          
  26  Pass     In      Q em0    udp                4     1288        0       from any port = bootps to any port = bootpc  tag dhcpin                  
  27  Pass     Out     Q em0    udp                0        0        0       from any port = bootpc to any port = bootps                              
  28  Block    In  Log   !em0                      0        0        0       drop inet from 192.168.254.0/24 to any                                   
  29  Block    In  Log   !em0                      0        0        0       drop inet from 192.168.254.34/32 to any                                  
  30  Block    In  Log   !em0                      0        0        0       drop inet from 192.168.254.33/32 to any                                  
  31  Block    In  Log   em0                       0        0        0       drop inet6 from fe80::a00:27ff:fed4:3e55/128 to any                      
  32  Block    In  Log                             0        0        0       drop inet from 192.168.254.25/32 to any                                  
  33  Block    In  Log                             0        0        0       drop inet from 192.168.254.34/32 to any                                  
  34  Block    In  Log                             0        0        0       drop inet from 192.168.254.33/32 to any                                  
  35  Block    In  Log   !ipsec                    0        0        0       drop inet from 10.15.0.0/30 to any                                       
  36  Block    In  Log   ipsec1                    0        0        0       drop inet6 from fe80::a00:27ff:fed4:3e55/128 to any                      
  37  Block    In  Log                             0        0        0       drop inet from 10.15.0.2/32 to any                                       
  38  Pass     In        lo0              K      206    62632        0       inet all  flags S/SA                                                     
  39  Pass     Out       lo0              K        0        0        0       inet all  flags S/SA                                                     
  40  Pass     Out                        K     1963   371066        0       inet all  flags S/SA allow-opts                                          
  41  Pass     Out                        K      136    24039       34       route-to ... inet from 192.168.254.25/32 to ! 192.168.254.0/24  flags S/S
  42  Pass     Out                        K        0        0        0       route-to ... inet from 192.168.254.33/32 to ! 192.168.254.0/24  flags S/S
  43  Pass     Out                        K        0        0        0       route-to ... inet from 192.168.254.34/32 to ! 192.168.254.0/24  flags S/S
  44  Pass     Out                        K        0        0        0       inet from 10.15.0.2/32 to ! 10.15.0.0/30  flags S/SA allow-opts          
  45  Pass     Out       enc0             K        0        0        0       all  flags S/SA                                                          
  46  Pass     Out       ipsec1           K       24     7528        0       all  flags S/SA                                                          
  47  Pass     In      Q ipsec1 tcp       K        0        0        0       from any to (ipsec1) port = https  flags S/SA                            
  48  Pass     In      Q ipsec1 tcp       K        0        0        0       from any to (ipsec1) port = http  flags S/SA                             
  49  Pass     Any                                 0        0        0       all                                                                      
  50  Pass     In      Q em0              K     1708  1245328        2       reply-to ... inet all  flags S/SA                                        
  51  Pass     In      Q ipsec1           K        0        0        0       reply-to ... inet from <LAN__NETWORK> to any  flags S/SA                 
  52  Pass     In      Q ipsec1           K        0        0        0       inet6 from <LAN__NETWORK> to any  flags S/SA                             
  53  Pass     Out              udp       K        0        0        0       inet from (self) to 192.168.254.21/32 port = isakmp                      
  54  Pass     In        em0    udp       K        0        0        0       inet from 192.168.254.21/32 to (self) port = isakmp                      
  55  Pass     Out              udp       K        0        0        0       inet from (self) to 192.168.254.21/32 port = ipsec-nat-t                 
  56  Pass     In        em0    udp       K        0        0        0       inet from 192.168.254.21/32 to (self) port = ipsec-nat-t                 
  57  Pass     Out              esp       K        0        0        0       inet from (self) to 192.168.254.21/32                                    
  58  Pass     In        em0    esp       K        0        0        0       inet from 192.168.254.21/32 to (self)                                    
  59  Pass     Any                                 0        0        0       all                                                                      
