Annotation of src/share/ipf/example.5, Revision 1.2
1.1 dm 1: #
2: # test ruleset
3: #
1.2 ! kjell 4: # allow packets coming from foo (10.1.1.2) to bar (10.2.1.1) through.
1.1 dm 5: #
1.2 ! kjell 6: pass in from 10.1.1.2 to 10.2.1.1
1.1 dm 7: #
8: # allow any TCP packets from the 10.2.2.0/24 subnet (10.2.2.2/24 in the rule)
9: # through to host 10.1.1.2 if they are destined for port 6667.
10: #
1.2 ! kjell 11: pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
1.1 dm 12: #
13: # allow in UDP packets from host 10.2.2.2 which are NOT from port 53 and are
14: # destined for localhost
15: #
1.2 ! kjell 16: pass in proto udp from 10.2.2.2 port != 53 to localhost
1.1 dm 17: #
18: # block all ICMP unreachables.
19: #
1.2 ! kjell 20: block in proto icmp from any to any icmp-type unreach
1.1 dm 21: #
22: # allow packets through which have a non-standard IP header length (i.e. there
23: # are IP options such as source-routing present). This shows the "with ipopts" syntax only; production rulesets normally block such packets.
24: #
1.2 ! kjell 25: pass in from any to any with ipopts