BSD - PF (Packet Filter) Firewall - Display Firewall Rule Info
sudo pfctl -v -s rules
returns:
scrub on pppoe0 all fragment reassemble
  [ Evaluations: 3949437845 Packets: 1943242083 Bytes: 110841201438 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
scrub on em1 all fragment reassemble
  [ Evaluations: 2006821953 Packets: 1950578866 Bytes: 112687334549 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
scrub on em1.50 all fragment reassemble
  [ Evaluations: 56619906 Packets: 8614027 Bytes: 320030735 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
scrub on em1.70 all fragment reassemble
  [ Evaluations: 48006177 Packets: 21064 Bytes: 4412118 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
scrub on em1.99 all fragment reassemble
  [ Evaluations: 47985109 Packets: 17641 Bytes: 2162078 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
anchor "relayd/*" all
  [ Evaluations: 4021724 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
anchor "openvpn/*" all
  [ Evaluations: 4021442 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
anchor "ipsec/*" all
  [ Evaluations: 4021498 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
  [ Evaluations: 6519553 Packets: 12 Bytes: 1152 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
  [ Evaluations: 1790752 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 1790752 Packets: 157693 Bytes: 10095052 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop out log inet all label "Default deny rule IPv4"
  [ Evaluations: 6163934 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet6 all label "Default deny rule IPv6"
  [ Evaluations: 6519683 Packets: 297900 Bytes: 29026946 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop out log inet6 all label "Default deny rule IPv6"
  [ Evaluations: 4728579 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
  [ Evaluations: 394420 Packets: 2 Bytes: 288 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
  [ Evaluations: 232574 Packets: 1 Bytes: 144 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
  [ Evaluations: 232574 Packets: 13883 Bytes: 999904 States: 0 ]
  [ Inserted: pid 13728 State Creations: 7662 ]
pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
  [ Evaluations: 224912 Packets: 13478 Bytes: 873680 States: 2 ]
  [ Inserted: pid 13728 State Creations: 12975 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
  [ Evaluations: 21566 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
  [ Evaluations: 9189 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
  [ Evaluations: 9189 Packets: 620 Bytes: 59808 States: 0 ]
  [ Inserted: pid 13728 State Creations: 600 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
  [ Evaluations: 8589 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
  [ Evaluations: 8589 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
  [ Evaluations: 14876 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
  [ Evaluations: 14876 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
  [ Evaluations: 14876 Packets: 42939 Bytes: 4122144 States: 1 ]
  [ Inserted: pid 13728 State Creations: 137 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
  [ Evaluations: 14739 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
  [ Evaluations: 14739 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
  [ Evaluations: 20271 Packets: 90 Bytes: 9360 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
  [ Evaluations: 8034 Packets: 90 Bytes: 9360 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
  [ Evaluations: 8034 Packets: 90 Bytes: 9360 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
  [ Evaluations: 8034 Packets: 90 Bytes: 9360 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
  [ Evaluations: 8034 Packets: 90 Bytes: 9360 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
  [ Evaluations: 226 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
  [ Evaluations: 125 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
  [ Evaluations: 125 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
  [ Evaluations: 125 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
  [ Evaluations: 125 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
  [ Evaluations: 5614 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
  [ Evaluations: 4170 Packets: 787 Bytes: 43800 States: 0 ]
  [ Inserted: pid 13728 State Creations: 684 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
  [ Evaluations: 3486 Packets: 42872 Bytes: 4115712 States: 1 ]
  [ Inserted: pid 13728 State Creations: 135 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
  [ Evaluations: 3351 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
  [ Evaluations: 3351 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type echoreq keep state
  [ Evaluations: 2224 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routersol keep state
  [ Evaluations: 1327 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type routeradv keep state
  [ Evaluations: 1327 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbrsol keep state
  [ Evaluations: 1327 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick inet6 proto ipv6-icmp from :: to ff02::/16 icmp6-type neighbradv keep state
  [ Evaluations: 1327 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 6478053 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 5855314 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 6124744 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 5675205 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 6478126 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
  [ Evaluations: 2537495 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 353465 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
  [ Evaluations: 238652 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick from <snort2c> to any label "Block snort2c hosts"
  [ Evaluations: 6477835 Packets: 80673 Bytes: 5982134 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick from any to <snort2c> label "Block snort2c hosts"
  [ Evaluations: 6400068 Packets: 2403 Bytes: 1456040 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick proto carp from (self) to any
  [ Evaluations: 6398593 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick proto carp all no state
  [ Evaluations: 4358192 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick proto tcp from <sshguard> to (self) port = ssh label "sshguard"
  [ Evaluations: 6396450 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick proto tcp from <sshguard> to (self) port = https label "GUI Lockout"
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick from <virusprot> to any label "virusprot overload table"
  [ Evaluations: 2040174 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on pppoe0 inet6 proto udp from fe80::/10 port = dhcpv6-client to fe80::/10 port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
  [ Evaluations: 2039344 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on pppoe0 proto udp from any port = dhcpv6-server to any port = dhcpv6-client keep state label "allow dhcpv6 client in WAN"
  [ Evaluations: 204508 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick on pppoe0 proto udp from any port = dhcpv6-client to any port = dhcpv6-server keep state label "allow dhcpv6 client out WAN"
  [ Evaluations: 4482386 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 from <bogons> to any label "block bogon IPv4 networks from WAN"
  [ Evaluations: 4410164 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
  [ Evaluations: 1832337 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on ! pppoe0 inet from 5.42.134.35 to any
  [ Evaluations: 2191502 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet from 5.42.134.35 to any
  [ Evaluations: 909657 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on pppoe0 inet6 from fe80::2e0:67ff:fe1f:ea46 to any
  [ Evaluations: 2098320 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 inet from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"
  [ Evaluations: 204651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 inet from 127.0.0.0/8 to any label "Block private networks from WAN block 127/8"
  [ Evaluations: 204651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 inet from 172.16.0.0/12 to any label "Block private networks from WAN block 172.16/12"
  [ Evaluations: 204651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 inet from 192.168.0.0/16 to any label "Block private networks from WAN block 192.168/16"
  [ Evaluations: 204651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick on pppoe0 inet6 from fc00::/7 to any label "Block ULA networks from WAN block fc00::/7"
  [ Evaluations: 204651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on ! em1 inet from 192.168.1.0/24 to any
  [ Evaluations: 2039309 Packets: 17183 Bytes: 549856 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet from 192.168.1.1 to any
  [ Evaluations: 2033378 Packets: 6514 Bytes: 208448 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on em1 inet6 from fe80::1:1 to any
  [ Evaluations: 2039309 Packets: 6514 Bytes: 208448 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 1268344 Packets: 187 Bytes: 62654 States: 0 ]
  [ Inserted: pid 13728 State Creations: 35 ]
pass in quick on em1 inet proto udp from any port = bootpc to 192.168.1.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 513 Packets: 1222 Bytes: 399718 States: 0 ]
  [ Inserted: pid 13728 State Creations: 301 ]
pass out quick on em1 inet proto udp from 192.168.1.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 4989339 Packets: 16 Bytes: 5336 States: 0 ]
  [ Inserted: pid 13728 State Creations: 3 ]
pass quick on em1 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
  [ Evaluations: 966847 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
  [ Evaluations: 57275 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
  [ Evaluations: 56715 Packets: 28826 Bytes: 2697750 States: 2 ]
  [ Inserted: pid 13728 State Creations: 14688 ]
pass quick on em1 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
  [ Evaluations: 560 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on ! em1.50 inet from 192.168.50.0/24 to any
  [ Evaluations: 6371219 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet from 192.168.50.1 to any
  [ Evaluations: 3557332 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on em1.50 inet6 from fe80::2e0:67ff:fe1f:ea47 to any
  [ Evaluations: 3700915 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.50 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 441048 Packets: 579 Bytes: 186621 States: 0 ]
  [ Inserted: pid 13728 State Creations: 480 ]
pass in quick on em1.50 inet proto udp from any port = bootpc to 192.168.50.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 618 Packets: 1710 Bytes: 560504 States: 0 ]
  [ Inserted: pid 13728 State Creations: 557 ]
pass out quick on em1.50 inet proto udp from 192.168.50.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 4779321 Packets: 13 Bytes: 4216 States: 0 ]
  [ Inserted: pid 13728 State Creations: 3 ]
block drop in log on ! em1.70 inet from 192.168.70.0/24 to any
  [ Evaluations: 6368937 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet from 192.168.70.1 to any
  [ Evaluations: 3555286 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on em1.70 inet6 from fe80::2e0:67ff:fe1f:ea47 to any
  [ Evaluations: 3699339 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.70 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 9386 Packets: 9 Bytes: 3138 States: 0 ]
  [ Inserted: pid 13728 State Creations: 2 ]
pass in quick on em1.70 inet proto udp from any port = bootpc to 192.168.70.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick on em1.70 inet proto udp from 192.168.70.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 4356344 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on ! em1.99 inet from 192.168.99.0/24 to any
  [ Evaluations: 6369403 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log inet from 192.168.99.1 to any
  [ Evaluations: 3555269 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in log on em1.99 inet6 from fe80::2e0:67ff:fe1f:ea47 to any
  [ Evaluations: 3699353 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.99 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 14122 Packets: 48 Bytes: 16761 States: 0 ]
  [ Inserted: pid 13728 State Creations: 3 ]
pass in quick on em1.99 inet proto udp from any port = bootpc to 192.168.99.1 port = bootps keep state label "allow access to DHCP server"
  [ Evaluations: 7 Packets: 14 Bytes: 4704 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out quick on em1.99 inet proto udp from 192.168.99.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
  [ Evaluations: 4357692 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  [ Evaluations: 6367860 Packets: 19046309 Bytes: 1971837238 States: 15 ]
  [ Inserted: pid 13728 State Creations: 56835 ]
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  [ Evaluations: 195406 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  [ Evaluations: 205416 Packets: 17048 Bytes: 4313904 States: 1 ]
  [ Inserted: pid 13728 State Creations: 5292 ]
pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  [ Evaluations: 110475 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
  [ Evaluations: 6360571 Packets: 20716340 Bytes: 3175614872 States: 20 ]
  [ Inserted: pid 13728 State Creations: 78801 ]
pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
  [ Evaluations: 4355667 Packets: 87279 Bytes: 9651580 States: 2 ]
  [ Inserted: pid 13728 State Creations: 14375 ]
pass out route-to (pppoe0 212.30.0.97) inet from 5.42.134.35 to ! 5.42.134.35 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
  [ Evaluations: 4353714 Packets: 2949890950 Bytes: 1981265274025 States: 235 ]
  [ Inserted: pid 13728 State Creations: 2581966]
pass in quick on em1 proto tcp from any to (em1) port = https flags S/SA keep state label "anti-lockout rule"
  [ Evaluations: 6369745 Packets: 13960210 Bytes: 3113803706 States: 1 ]
  [ Inserted: pid 13728 State Creations: 1119 ]
pass in quick on em1 proto tcp from any to (em1) port = http flags S/SA keep state label "anti-lockout rule"
  [ Evaluations: 2400633 Packets: 5737157 Bytes: 1326895504 States: 0 ]
  [ Inserted: pid 13728 State Creations: 1 ]
pass in quick on em1 proto tcp from any to (em1) port = ssh flags S/SA keep state label "anti-lockout rule"
  [ Evaluations: 2400632 Packets: 5737147 Bytes: 1326894699 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in inet all flags S/SA keep state label "NAT REFLECT: Allow traffic to localhost" tagged PFREFLECT
  [ Evaluations: 6316648 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
anchor "userrules/*" all
  [ Evaluations: 3967986 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping auto rule"
  [ Evaluations: 6367012 Packets: 10 Bytes: 840 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.70 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping auto rule"
  [ Evaluations: 5668985 Packets: 10 Bytes: 840 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.99 inet proto icmp from any to 10.10.10.1 icmp-type echoreq keep state label "USER_RULE: pfB_DNSBL_Ping auto rule"
  [ Evaluations: 5663105 Packets: 10 Bytes: 840 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1 inet proto tcp from any to 10.10.10.1 port = http flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 6052825 Packets: 595575 Bytes: 106613380 States: 1 ]
  [ Inserted: pid 13728 State Creations: 42932 ]
pass quick on em1 inet proto tcp from any to 10.10.10.1 port = https flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2286962 Packets: 983721 Bytes: 204421152 States: 14 ]
  [ Inserted: pid 13728 State Creations: 53261 ]
pass quick on em1 inet proto udp from any to 10.10.10.1 port = http keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2569653 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1 inet proto udp from any to 10.10.10.1 port = https keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2233691 Packets: 138105 Bytes: 35562369 States: 0 ]
  [ Inserted: pid 13728 State Creations: 37 ]
pass quick on em1.70 inet proto tcp from any to 10.10.10.1 port = http flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 5503601 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.70 inet proto tcp from any to 10.10.10.1 port = https flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2233648 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.70 inet proto udp from any to 10.10.10.1 port = http keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2239472 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.70 inet proto udp from any to 10.10.10.1 port = https keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2233648 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.99 inet proto tcp from any to 10.10.10.1 port = http flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 5503103 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.99 inet proto tcp from any to 10.10.10.1 port = https flags S/SA keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2233648 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.99 inet proto udp from any to 10.10.10.1 port = http keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2239151 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass quick on em1.99 inet proto udp from any to 10.10.10.1 port = https keep state label "USER_RULE: pfB_DNSBL_Permit auto rule"
  [ Evaluations: 2233648 Packets: 137886 Bytes: 35272197 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick on pppoe0 inet from <pfB_IPv4_v4> to any label "USER_RULE: pfB_IPv4_v4 auto rule"
  [ Evaluations: 5909938 Packets: 22180 Bytes: 1326672 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick on pppoe0 inet from <pfB_DNSBLIP_v4> to any label "USER_RULE: pfB_DNSBLIP_v4 auto rule"
  [ Evaluations: 4384366 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick on pppoe0 inet6 from <pfB_IPv6_v6> to any label "USER_RULE: pfB_IPv6_v6 auto rule"
  [ Evaluations: 4698355 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass log quick on em1 inet from any to <pfB_Whitelist_v4> flags S/SA keep state label "USER_RULE: pfB_Whitelist_v4 auto rule"
  [ Evaluations: 6199651 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass log quick on em1.70 inet from any to <pfB_Whitelist_v4> flags S/SA keep state label "USER_RULE: pfB_Whitelist_v4 auto rule"
  [ Evaluations: 5598085 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass log quick on em1.99 inet from any to <pfB_Whitelist_v4> flags S/SA keep state label "USER_RULE: pfB_Whitelist_v4 auto rule"
  [ Evaluations: 5591834 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1 inet from any to <pfB_IPv4_v4> label "USER_RULE: pfB_IPv4_v4 auto rule"
  [ Evaluations: 5887974 Packets: 102 Bytes: 9832 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.70 inet from any to <pfB_IPv4_v4> label "USER_RULE: pfB_IPv4_v4 auto rule"
  [ Evaluations: 5432926 Packets: 80 Bytes: 8672 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.99 inet from any to <pfB_IPv4_v4> label "USER_RULE: pfB_IPv4_v4 auto rule"
  [ Evaluations: 5426857 Packets: 80 Bytes: 8672 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1 inet from any to <pfB_DNSBLIP_v4> label "USER_RULE: pfB_DNSBLIP_v4 auto rule"
  [ Evaluations: 5886635 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.70 inet from any to <pfB_DNSBLIP_v4> label "USER_RULE: pfB_DNSBLIP_v4 auto rule"
  [ Evaluations: 5432267 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.99 inet from any to <pfB_DNSBLIP_v4> label "USER_RULE: pfB_DNSBLIP_v4 auto rule"
  [ Evaluations: 5426306 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1 inet6 from any to <pfB_IPv6_v6> label "USER_RULE: pfB_IPv6_v6 auto rule"
  [ Evaluations: 6197017 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.70 inet6 from any to <pfB_IPv6_v6> label "USER_RULE: pfB_IPv6_v6 auto rule"
  [ Evaluations: 5595869 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return log quick on em1.99 inet6 from any to <pfB_IPv6_v6> label "USER_RULE: pfB_IPv6_v6 auto rule"
  [ Evaluations: 5589851 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on pppoe0 reply-to (pppoe0 212.30.0.97) inet proto tcp from any to 192.168.1.2 port = http flags S/SA keep state label "USER_RULE: NAT Webserver-80"
  [ Evaluations: 6196408 Packets: 670662 Bytes: 414364562 States: 5 ]
  [ Inserted: pid 13728 State Creations: 15774 ]
pass in quick on pppoe0 reply-to (pppoe0 212.30.0.97) inet proto tcp from any to 192.168.1.2 port = https flags S/SA keep state label "USER_RULE: NAT Webserver-443"
  [ Evaluations: 8326 Packets: 562745 Bytes: 503735521 States: 0 ]
  [ Inserted: pid 13728 State Creations: 5484 ]
pass in log quick on pppoe0 reply-to (pppoe0 212.30.0.97) inet proto tcp from any to 192.168.1.5 port = 32400 flags S/SA keep state label "USER_RULE: NAT Plex"
  [ Evaluations: 23322 Packets: 253 Bytes: 69104 States: 0 ]
  [ Inserted: pid 13728 State Creations: 6 ]
pass in log quick on pppoe0 reply-to (pppoe0 212.30.0.97) inet proto tcp from any to 192.168.1.10 port = 8443 flags S/SA keep state label "USER_RULE: NAT Ubiquiti Controller"
  [ Evaluations: 23309 Packets: 98 Bytes: 9018 States: 0 ]
  [ Inserted: pid 13728 State Creations: 7 ]
pass in log quick on em1 inet proto icmp from 192.168.1.0/24 to any icmp-type echoreq keep state label "USER_RULE: Allow ICMP Pings"
  [ Evaluations: 1963523 Packets: 13717 Bytes: 949060 States: 0 ]
  [ Inserted: pid 13728 State Creations: 1467 ]
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
  [ Evaluations: 799742 Packets: 2933767017 Bytes: 1974196441221 States: 149 ]
  [ Inserted: pid 13728 State Creations: 426713]
pass in log quick on em1.50 inet proto tcp from 192.168.50.0/24 to <PRINTERS> flags S/SA keep state label "USER_RULE: Allow CLEAR to Printer"
  [ Evaluations: 823708 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in log quick on em1.50 inet proto udp from 192.168.50.0/24 to <PRINTERS> keep state label "USER_RULE: Allow CLEAR to Printer"
  [ Evaluations: 587451 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.50 inet from 192.168.50.0/24 to any flags S/SA keep state label "USER_RULE: Allow CLEAR to any"
  [ Evaluations: 439215 Packets: 11175541 Bytes: 5539174421 States: 8 ]
  [ Inserted: pid 13728 State Creations: 425447]
pass in log quick on em1.70 inet proto icmp from 192.168.70.0/24 to any icmp-type echoreq keep state label "USER_RULE: Allow IOT Pings"
  [ Evaluations: 393587 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.70 inet proto tcp from 192.168.70.0/24 to 127.0.0.1 port = domain flags S/SA keep state label "USER_RULE: NAT IOT - DNS Redirect"
  [ Evaluations: 9267 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.70 inet proto udp from 192.168.70.0/24 to 127.0.0.1 port = domain keep state label "USER_RULE: NAT IOT - DNS Redirect"
  [ Evaluations: 9140 Packets: 377 Bytes: 37497 States: 0 ]
  [ Inserted: pid 13728 State Creations: 232 ]
pass in quick on em1.70 inet proto udp from 192.168.70.0/24 to 127.0.0.1 port = ntp keep state label "USER_RULE: NAT IOT - NTP Redirect"
  [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return in log quick on em1.70 inet proto tcp from 192.168.70.0/24 to <LOCAL_SUBNETS> label "USER_RULE: IOT - Reject internal interfaces."
  [ Evaluations: 9014 Packets: 1 Bytes: 60 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return in log quick on em1.70 inet proto udp from 192.168.70.0/24 to <LOCAL_SUBNETS> label "USER_RULE: IOT - Reject internal interfaces."
  [ Evaluations: 8887 Packets: 253 Bytes: 32464 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.70 inet proto tcp from 192.168.70.0/24 to ! <LOCAL_SUBNETS> flags S/SA keep state label "USER_RULE: IOT - Allow traffic to WAN"
  [ Evaluations: 8727 Packets: 7470 Bytes: 4412058 States: 0 ]
  [ Inserted: pid 13728 State Creations: 126 ]
pass in quick on em1.70 inet proto udp from 192.168.70.0/24 to ! <LOCAL_SUBNETS> keep state label "USER_RULE: IOT - Allow traffic to WAN"
  [ Evaluations: 8601 Packets: 35 Bytes: 3277 States: 0 ]
  [ Inserted: pid 13728 State Creations: 2 ]
block drop in log quick on em1.70 inet all label "USER_RULE: IOT - Block Internal Interfaces"
  [ Evaluations: 8599 Packets: 8599 Bytes: 275168 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop in quick on em1.70 inet6 all label "USER_RULE: IOT - Block Internal Interfaces"
  [ Evaluations: 296557 Packets: 118 Bytes: 13429 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in log quick on em1.99 inet proto icmp from 192.168.99.0/24 to any icmp-type echoreq keep state label "USER_RULE: Allow GUEST Pings"
  [ Evaluations: 680638 Packets: 875 Bytes: 65072 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return in log quick on em1.99 inet proto tcp from 192.168.99.0/24 to <LOCAL_SUBNETS> label "USER_RULE: GUEST - Reject internal interfaces"
  [ Evaluations: 12549 Packets: 173 Bytes: 10380 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block return in log quick on em1.99 inet proto udp from 192.168.99.0/24 to <LOCAL_SUBNETS> label "USER_RULE: GUEST - Reject internal interfaces"
  [ Evaluations: 12333 Packets: 191 Bytes: 19388 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.99 inet from 192.168.99.0/24 to any flags S/SA keep state label "USER_RULE: Allow GUEST to any"
  [ Evaluations: 11596 Packets: 322129 Bytes: 283571185 States: 0 ]
  [ Inserted: pid 13728 State Creations: 212 ]
anchor "tftp-proxy/*" all
  [ Evaluations: 2975210 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
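
Added example (not part of the original page): a Python parser for the verbose rule listing above that reports rules never evaluated, pass rules that were evaluated but never matched a packet, and the busiest block rules. The function names and the script name in the comment are assumptions of this example; the six sample rules are copied from the output above.

```python
import re
import sys
from dataclasses import dataclass

# A rule followed by its two bracketed counter groups. re.S lets the counters
# sit on the rule's own line or on the lines after it.
RULE_RE = re.compile(
    r"(?P<rule>.+?)\s*"
    r"\[\s*Evaluations:\s*(?P<evals>\d+)\s+Packets:\s*(?P<packets>\d+)\s+"
    r"Bytes:\s*(?P<bytes>\d+)\s+States:\s*(?P<states>\d+)\s*\]\s*"
    r"\[\s*Inserted:[^\]]*?State Creations:\s*(?P<created>\d+)\s*\]",
    re.S,
)
LABEL_RE = re.compile(r'label "([^"]*)"')

# Six rules excerpted from the output on this page; the line layout is varied
# on purpose so the parser is exercised on both layouts.
SAMPLE = """\
block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 1790752 Packets: 157693 Bytes: 10095052 States: 0 ]
  [ Inserted: pid 13728 State Creations: 0 ]
block drop log quick from <snort2c> to any label "Block snort2c hosts" [ Evaluations: 6477835 Packets: 80673 Bytes: 5982134 States: 0 ] [ Inserted: pid 13728 State Creations: 0 ]
block drop in log quick proto tcp from <sshguard> to (self) port = https label "GUI Lockout" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
  [ Evaluations: 799742 Packets: 2933767017 Bytes: 1974196441221 States: 149 ]
  [ Inserted: pid 13728 State Creations: 426713]
pass in log quick on em1.50 inet proto tcp from 192.168.50.0/24 to <PRINTERS> flags S/SA keep state label "USER_RULE: Allow CLEAR to Printer" [ Evaluations: 823708 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 13728 State Creations: 0 ]
pass in quick on em1.70 inet proto udp from 192.168.70.0/24 to 127.0.0.1 port = ntp keep state label "USER_RULE: NAT IOT - NTP Redirect" [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: pid 13728 State Creations: 0 ]
"""


@dataclass
class RuleStats:
    rule: str             # rule text with whitespace normalised
    action: str           # first keyword: scrub, anchor, block, pass
    label: str            # text of label "...", or "" if the rule has none
    evaluations: int
    packets: int
    byte_count: int
    states: int           # states currently held by this rule
    state_creations: int  # states created by this rule so far


def parse_rules(text):
    """Parse `pfctl -v -s rules` output into a list of RuleStats."""
    rules = []
    for m in RULE_RE.finditer(text):
        rule = " ".join(m["rule"].split())
        if not rule:
            continue
        label = LABEL_RE.search(rule)
        rules.append(RuleStats(
            rule=rule,
            action=rule.split()[0],
            label=label.group(1) if label else "",
            evaluations=int(m["evals"]),
            packets=int(m["packets"]),
            byte_count=int(m["bytes"]),
            states=int(m["states"]),
            state_creations=int(m["created"]),
        ))
    return rules


def never_evaluated(rules):
    """Rules no packet has reached: check ordering and earlier quick rules."""
    return [r for r in rules if r.evaluations == 0]


def unmatched_pass_rules(rules):
    """Pass rules that were evaluated but matched nothing: review candidates."""
    return [r for r in rules
            if r.action == "pass" and r.evaluations > 0 and r.packets == 0]


def top_blocks(rules, n=5):
    """The n block rules that matched the most packets."""
    blocks = [r for r in rules if r.action == "block"]
    return sorted(blocks, key=lambda r: r.packets, reverse=True)[:n]


if __name__ == "__main__":
    # Usage (script name is hypothetical):
    #   sudo pfctl -v -s rules | python3 pf_rule_audit.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    parsed = parse_rules(text)
    for title, subset in (("never evaluated", never_evaluated(parsed)),
                          ("pass, evaluated, no match", unmatched_pass_rules(parsed)),
                          ("top block rules", top_blocks(parsed))):
        print(f"== {title} ==")
        for r in subset:
            print(f"{r.packets:>12}  {r.label or r.rule}")
```

The counters accumulate from the last ruleset load or `pfctl -z`, so a zero is only meaningful once the ruleset has seen representative traffic.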
bsd/pf_packet_filter_firewall/display_firewall_rule_info.txt · Last modified: 2021/02/02 14:22 by peter