      1  1.5  gutterid #	$NetBSD: pf.boot.conf,v 1.5 2019/02/17 20:45:47 gutteridge Exp $
      2  1.1     peter #
      3  1.1     peter # /etc/defaults/pf.boot.conf --
      4  1.1     peter #	initial configuration for pf(4)
      5  1.1     peter #
      6  1.1     peter # see pf.boot.conf(5) for more information.
      7  1.1     peter #
      8  1.1     peter # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
      9  1.1     peter # EDIT /etc/pf.boot.conf INSTEAD.
     10  1.1     peter #
     11  1.1     peter 
     12  1.1     peter # Default deny.
                       # With no direction, interface or address family given, this matches
                       # every packet. pf applies the last matching rule (none here is marked
                       # "quick"), so this line decides only the traffic that no pass rule
                       # below matches.
     13  1.1     peter block all
     14  1.1     peter 
     15  1.1     peter # Don't block loopback.
                       # Passes both directions, on lo0 only.
     16  1.1     peter pass on lo0
     17  1.1     peter 
     18  1.5  gutterid # Allow outgoing DNS, needed by pfctl to resolve names.
                       # Outbound only; "keep state" is what lets the replies back in.
                       # NOTE(review): the destination is "any", so port 53 is reachable on
                       # every host, not only the configured resolvers.
     19  1.1     peter pass out proto { tcp, udp } from any to any port 53 keep state
     20  1.1     peter 
     21  1.5  gutterid # Allow outgoing ping requests; a DHCP client might use them to validate
     22  1.5  gutterid # old (but valid) leases in case it needs to fall back to such a lease
     23  1.5  gutterid # (the DHCP server can be down or not responding).
                       # IPv4 only (inet) and echo requests only; the replies return through
                       # the state entry. No rule here passes incoming echo requests except
                       # on lo0.
     24  1.1     peter pass out inet proto icmp all icmp-type echoreq keep state
     25  1.1     peter 
     26  1.2      reed # Allow IPv6 router/neighbor solicitation and advertisement.
                       # Solicitations are passed outbound and advertisements inbound only;
                       # the opposite directions are not matched by any pass rule here.
                       # NOTE(review): advertisements are accepted from any source on any
                       # interface; these rules do not check who sent them.
     27  1.3      tron pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
     28  1.3      tron pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
     29  1.3      tron pass out inet6 proto ipv6-icmp all icmp6-type routersol
     30  1.3      tron pass in inet6 proto ipv6-icmp all icmp6-type routeradv
     31  1.4     hauke 
     32  1.5  gutterid # Enable CARP, to avoid spurious failovers.
                       # No direction or interface is given, so CARP passes in and out on
                       # every interface.
                       # NOTE(review): if CARP runs on one segment only, consider narrowing
                       # this in /etc/pf.boot.conf with "on <carp-interface>" (placeholder).
     33  1.4     hauke pass proto carp