mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-15 18:26:12 -04:00
31 lines
1.0 KiB
Plaintext
31 lines
1.0 KiB
Plaintext
# $NetBSD: pf.boot.conf,v 1.3 2007/09/02 15:28:43 tron Exp $
|
|
#
|
|
# /etc/defaults/pf.boot.conf --
|
|
# initial configuration for pf(4)
|
|
#
|
|
# see pf.boot.conf(5) for more information.
|
|
#
|
|
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
|
|
# EDIT /etc/pf.boot.conf INSTEAD.
|
|
#
|
|
|
|
# Default deny.
|
|
block all
|
|
|
|
# Don't block loopback.
|
|
pass on lo0
|
|
|
|
# Allow outgoing dns, needed by pfctl to resolve names.
|
|
pass out proto { tcp, udp } from any to any port 53 keep state
|
|
|
|
# Allow outgoing ping request, might be needed by dhclient to validate
|
|
# old (but valid) leases in /var/db/dhclient.leases in case it needs to
|
|
# fall back to such a lease (the dhcp server can be down or not responding).
|
|
pass out inet proto icmp all icmp-type echoreq keep state
|
|
|
|
# Allow IPv6 router/neighbor solicitation and advertisement.
|
|
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
|
|
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
|
|
pass out inet6 proto ipv6-icmp all icmp6-type routersol
|
|
pass in inet6 proto ipv6-icmp all icmp6-type routeradv
|