pf.boot.conf revision 1.3
      1  1.3   tron #	$NetBSD: pf.boot.conf,v 1.3 2007/09/02 15:28:43 tron Exp $
      2  1.1  peter #
      3  1.1  peter # /etc/defaults/pf.boot.conf --
      4  1.1  peter #	initial configuration for pf(4)
      5  1.1  peter #
      6  1.1  peter # see pf.boot.conf(5) for more information.
      7  1.1  peter #
      8  1.1  peter # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
      9  1.1  peter # EDIT /etc/pf.boot.conf INSTEAD.
     10  1.1  peter #
     11  1.1  peter 
     12  1.1  peter # Default deny: block all traffic in both directions unless a later rule passes it.
     13  1.1  peter block all
     14  1.1  peter 
     15  1.1  peter # Don't block loopback: pass all traffic, in and out, on lo0.
     16  1.1  peter pass on lo0
     17  1.1  peter 
     18  1.1  peter # Allow outgoing DNS queries (TCP and UDP, port 53, any destination), needed by pfctl to resolve names.
     19  1.1  peter pass out proto { tcp, udp } from any to any port 53 keep state
     20  1.1  peter 
     21  1.1  peter # Allow outgoing ping requests, which dhclient might need to validate
     22  1.1  peter # old (but valid) leases in /var/db/dhclient.leases in case it needs to
     23  1.1  peter # fall back to such a lease (the DHCP server can be down or not responding).
     24  1.1  peter pass out inet proto icmp all icmp-type echoreq keep state
     25  1.1  peter 
     26  1.2   reed # Allow outgoing IPv6 router/neighbor solicitations and incoming router/neighbor advertisements only.
     27  1.3   tron pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
     28  1.3   tron pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
     29  1.3   tron pass out inet6 proto ipv6-icmp all icmp6-type routersol
     30  1.3   tron pass in inet6 proto ipv6-icmp all icmp6-type routeradv
     31