mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-11 08:07:30 -04:00
14 lines
453 B
Plaintext
#
# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
# somewhere, waiting for it.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# allow nameserver queries and replies to pass through, but no other UDP
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all
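The following Python model is an added example, not part of this repository or of IPFilter. It shows why the six rules above admit replies only for flows opened from the inside: the state table is consulted first, then the last matching rule wins unless a `quick` rule ends the search. The tuple types, `matches()`, the addresses and the sample packets are constructed for illustration; state timeouts and TCP sequence tracking are not modelled, and a packet matching no rule is assumed to pass.

```python
# Added example: toy model of how IPFilter evaluates the six rules above.
# Packet/Rule, matches() and the SAMPLE packets are constructed here.
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src dst flags", defaults=[""])
Rule = namedtuple("Rule", "action direction proto quick dport flags keep_state",
                  defaults=[False, None, None, False])

def matches(r, p):
    if (r.direction, r.proto) != (p.direction, p.proto) or r.dport not in (None, p.dst[1]):
        return False
    # "flags S/SAFR": of the SYN, ACK, FIN and RST bits, only SYN may be set
    return r.flags is None or set(p.flags) & set("SAFR") == set(r.flags)

RULES = [  # same order as the rules file
    Rule("pass", "out", "tcp", quick=True, flags="S", keep_state=True),
    Rule("block", "out", "tcp"),
    Rule("block", "in", "tcp"),
    Rule("pass", "out", "udp", quick=True, dport=53, keep_state=True),
    Rule("block", "out", "udp"),
    Rule("block", "in", "udp"),
]

def filter_packets(packets, rules=RULES):
    state, verdicts = set(), []
    for p in packets:
        flow, hit = (p.proto, frozenset((p.src, p.dst))), None
        if flow not in state:          # the state table is checked before the rules
            for r in rules:
                if matches(r, p):
                    hit = r            # last matching rule wins ...
                    if r.quick:
                        break          # ... unless that rule is "quick"
            if hit and hit.action == "pass" and hit.keep_state:
                state.add(flow)        # later packets of this flow skip the rules
        # no state entry and no matching rule: default policy, assumed "pass"
        verdicts.append("block" if hit and hit.action == "block" else "pass")
    return verdicts

HOST, WEB, DNS, OTHER = "192.0.2.10", "198.51.100.80", "198.51.100.53", "203.0.113.9"
SAMPLE = [  # constructed packets as seen on le0
    Packet("out", "tcp", (HOST, 40000), (WEB, 80), "S"),    # new outgoing connection
    Packet("in", "tcp", (WEB, 80), (HOST, 40000), "SA"),    # its SYN+ACK reply
    Packet("in", "tcp", (OTHER, 5555), (HOST, 22), "S"),    # unsolicited inbound SYN
    Packet("out", "tcp", (HOST, 40001), (WEB, 80), "A"),    # ACK with no state entry
    Packet("out", "udp", (HOST, 50000), (DNS, 53)),         # DNS query
    Packet("in", "udp", (DNS, 53), (HOST, 50000)),          # DNS reply
    Packet("out", "udp", (HOST, 50001), (DNS, 123)),        # non-DNS UDP
    Packet("in", "udp", (OTHER, 53), (HOST, 50002)),        # unsolicited UDP
]
```

`filter_packets(SAMPLE)` returns one verdict per packet in order; feeding it only the SYN+ACK or only the DNS reply, with no earlier outgoing packet, yields `block`.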