fwbuilder/test/pf/firewall92.conf.orig

set timeout udp.single 5

#
# Scrub rules
#
match all scrub (reassemble tcp no-df )
match out all scrub (random-id min-ttl  1 max-mss  1460)

# NAT compiler errors and warnings:
# firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions
# 
# Rule  0 (NAT)
match out on  em0 from 10.1.1.0/24 to any nat-to (em0) 
# 
# Rule  1 (NAT)
match in on  em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 
# 
# Rule  3 (NAT)
match in on  em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 
# 
# Rule  4 (NAT)
match out on  em1 from 10.1.1.0/24 to any nat-to (em0) 
# 
# Rule  5 (NAT)
match out on ! em0 from 10.1.1.0/24 to any nat-to 10.3.14.201 

# Policy compiler errors and warnings:
# firewall92:Policy:0: warning: Changing rule direction due to self reference
# 
# Rule  backup ssh access rule
#    backup ssh access rule 
pass in   quick inet proto tcp  from 10.3.14.30  to self port 22  label "RULE -1 -- ACCEPT "  
# 
# Rule  0 (global)
# firewall92:Policy:0: warning: Changing rule direction due to self reference

pass in   quick inet proto tcp  from 10.3.14.0/24  to self port 22  label "RULE 0 -- ACCEPT "  
# 
# Rule  1 (global)
pass  quick inet  from 10.1.1.0/24  to any  label "RULE 1 -- ACCEPT "  
# 
# Rule  2 (global)
match inet  from any  to 10.1.1.1 tag INTNET  label "RULE 2 --  "  
# 
# Rule  3 (global)
pass  quick inet proto udp  from any  to any port 161  label "RULE 3 -- ACCEPT "  
# 
# Rule  4 (global)
block  log  quick inet  from any  to any no state  label "RULE 4 -- DROP "  
# 
# Rule  fallback rule
#    fallback rule 
block  quick inet  from any  to any no state  label "RULE 10000 -- DROP "