# $NetBSD: pf.boot.conf,v 1.5 2019/02/17 20:45:47 gutteridge Exp $
#
# /etc/defaults/pf.boot.conf --
# initial configuration for pf(4)
#
# see pf.boot.conf(5) for more information.
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/pf.boot.conf INSTEAD.
#

# Default deny.
block all

# Don't block loopback.
pass on lo0

# Allow outgoing DNS, needed by pfctl to resolve names.
pass out proto { tcp, udp } from any to any port 53 keep state

# Allow outgoing ping request, might be used by a DHCP client to validate
# old (but valid) leases in case it needs to fall back to such a lease
# (the DHCP server can be down or not responding).
pass out inet proto icmp all icmp-type echoreq keep state

# Allow IPv6 router/neighbor solicitation and advertisement.
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
pass out inet6 proto ipv6-icmp all icmp6-type routersol
pass in inet6 proto ipv6-icmp all icmp6-type routeradv

# Enable CARP, to avoid spurious failovers.
pass proto carp