svn commit: r321030 - in head: etc/mtree sbin/pfctl sbin/pfctl/tests sbin/pfctl/tests/files targets/pseudo/tests
Kristof Provost
kp at FreeBSD.org
Sat Jul 15 19:22:09 UTC 2017
Author: kp
Date: Sat Jul 15 19:22:01 2017
New Revision: 321030
URL: https://svnweb.freebsd.org/changeset/base/321030
Log:
pfctl parser tests
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correctness of its output. We have also added some new tests using the same
format.
The tests consist of a collection of input files (pf*.in) and
corresponding output files (pf*.ok). We run pfctl -nv on the input
files and check that the output matches the output files. If any
discrepancy is discovered during future development in the source
tree, we know that a regression bug has been introduced into the tree.
Submitted by: paggas
Sponsored by: Google, Inc (GSoC 2017)
Differential Revision: https://reviews.freebsd.org/D11322
Added:
head/sbin/pfctl/tests/
head/sbin/pfctl/tests/Makefile (contents, props changed)
head/sbin/pfctl/tests/files/
head/sbin/pfctl/tests/files/Makefile (contents, props changed)
head/sbin/pfctl/tests/files/pf0001.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0001.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0002.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0002.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0003.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0003.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0004.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0004.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0005.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0005.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0006.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0006.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0007.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0007.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0008.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0008.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0009.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0009.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0010.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0010.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0011.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0011.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0012.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0012.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0013.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0013.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0014.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0014.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0016.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0016.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0018.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0018.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0019.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0019.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0020.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0020.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0022.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0022.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0023.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0023.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0024.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0024.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0025.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0025.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0026.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0026.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0028.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0028.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0030.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0030.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0031.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0031.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0032.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0032.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0034.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0034.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0035.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0035.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0038.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0038.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0039.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0039.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0040.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0040.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0041.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0041.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0047.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0047.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0048.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0048.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0049.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0049.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0050.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0050.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0052.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0052.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0053.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0053.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0055.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0055.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0056.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0056.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0057.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0057.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0060.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0060.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0061.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0061.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0065.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0065.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0067.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0067.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0069.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0069.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0070.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0070.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0071.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0071.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0072.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0072.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0074.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0074.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0075.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0075.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0077.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0077.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0078.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0078.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0079.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0079.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0081.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0081.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0082.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0082.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0084.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0084.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0085.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0085.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0087.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0087.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0088.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0088.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0089.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0089.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0090.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0090.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0091.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0091.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0092.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0092.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0094.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0094.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0095.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0095.include (contents, props changed)
head/sbin/pfctl/tests/files/pf0095.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0096.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0096.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0097.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0097.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0098.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0098.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0100.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0100.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0101.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0101.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0102.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0102.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf0104.in (contents, props changed)
head/sbin/pfctl/tests/files/pf0104.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf1001.in (contents, props changed)
head/sbin/pfctl/tests/files/pf1001.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf1002.in (contents, props changed)
head/sbin/pfctl/tests/files/pf1002.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf1003.in (contents, props changed)
head/sbin/pfctl/tests/files/pf1003.ok (contents, props changed)
head/sbin/pfctl/tests/files/pf1004.in (contents, props changed)
head/sbin/pfctl/tests/files/pf1004.ok (contents, props changed)
head/sbin/pfctl/tests/files/pfctl_test_descr.sh (contents, props changed)
head/sbin/pfctl/tests/pfctl_test.sh (contents, props changed)
Modified:
head/etc/mtree/BSD.tests.dist
head/sbin/pfctl/Makefile
head/targets/pseudo/tests/Makefile.depend
Modified: head/etc/mtree/BSD.tests.dist
==============================================================================
--- head/etc/mtree/BSD.tests.dist Sat Jul 15 19:18:37 2017 (r321029)
+++ head/etc/mtree/BSD.tests.dist Sat Jul 15 19:22:01 2017 (r321030)
@@ -378,6 +378,10 @@
..
mdconfig
..
+ pfctl
+ files
+ ..
+ ..
..
secure
lib
Modified: head/sbin/pfctl/Makefile
==============================================================================
--- head/sbin/pfctl/Makefile Sat Jul 15 19:18:37 2017 (r321029)
+++ head/sbin/pfctl/Makefile Sat Jul 15 19:22:01 2017 (r321030)
@@ -31,4 +31,8 @@ YFLAGS=
LIBADD= m md
+.if ${MK_TESTS} != "no"
+SUBDIR+= tests
+.endif
+
.include <bsd.prog.mk>
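Review bot: the `.if ${MK_TESTS} != "no"` line added before the final include needs MK_TESTS to be defined when it is evaluated, and nothing in this hunk's context shows `.include <src.opts.mk>`. Please confirm that include appears earlier in the Makefile. The three-line conditional could also be written in the shorter `SUBDIR.${MK_TESTS}+= tests` form.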
Added: head/sbin/pfctl/tests/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/Makefile Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+ATF_TESTS_SH= pfctl_test
+
+SUBDIR+= files
+
+.include <bsd.test.mk>
Added: head/sbin/pfctl/tests/files/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/Makefile Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,12 @@
+# $FreeBSD$
+
+TESTSDIR= ${TESTSBASE}/sbin/pfctl/files
+BINDIR= ${TESTSDIR}
+
+# We use ${.CURDIR} as workaround so that the glob patterns work.
+FILES= ${.CURDIR}/pf????.in
+FILES+= ${.CURDIR}/pf????.include
+FILES+= ${.CURDIR}/pf????.ok
+FILES+= ${.CURDIR}/pfctl_test_descr.sh
+
+.include <bsd.progs.mk>
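Review bot: the closing `.include <bsd.progs.mk>` pulls in the multi-program framework, yet this Makefile defines no PROGS and only installs FILES; `.include <bsd.prog.mk>` would match what the file does. The comment above the FILES lines should also say what fails without `${.CURDIR}`, so that a later cleanup does not remove the workaround.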
Added: head/sbin/pfctl/tests/files/pf0001.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0001.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,8 @@
+pass in all
+pass in from any to any no state
+pass in proto tcp from any port <= 1024 to any label foo_bar
+pass in proto tcp from any to any port = 25
+pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
+pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts
+pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \
+"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport"
Added: head/sbin/pfctl/tests/files/pf0001.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0001.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,8 @@
+pass in all flags S/SA keep state
+pass in all no state
+pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar"
+pass in proto tcp from any to any port = smtp flags S/SA keep state
+pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state
+pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts
+pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:"
+pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:"
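Review bot: the last two expected lines hard-code rule numbers through the `$nr` label expansion (`"6:tcp:1.2.3.4::any:"` and `"7:tcp:1.2.3.5::any:"`), so inserting or removing any rule earlier in pf0001.in changes these lines for reasons unrelated to the parser. A comment in pf0001.in noting that the label values depend on the number of rules before the last one would save the next editor a spurious failure, or the label-expansion case could live in a file of its own.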
Added: head/sbin/pfctl/tests/files/pf0002.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0002.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,34 @@
+# test
+
+block out log on tun1000000 all
+block in log on tun1000000 all
+
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8 to any
+block in log quick on tun1000000 from 172.16.0.0/12 to any
+block in quick log on tun1000000 from 192.168.0.0/16 to any
+block in quick log on tun1000000 from 255.255.255.255/32 to any
+
+block in log quick from no-route to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all keep state
+
+pass in on tun1000000 proto tcp from any to any port = ssh keep state
+pass in on tun1000000 proto tcp from any to any port = smtp keep state
+pass in on tun1000000 proto tcp from any to any port = domain keep state
+pass in on tun1000000 proto tcp from any to any port = auth keep state
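Review bot: the only comment in this file, `# test` on the first line, does not say what is being covered. Two of the RFC 1918 block rules are written `block in quick log` while their neighbours use `block in log quick`; if the mixed keyword order is deliberate (pf0002.ok prints all four as `log quick`), a one-line comment saying so would stop someone from "tidying" it away.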
Added: head/sbin/pfctl/tests/files/pf0002.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0002.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,22 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+block drop in log quick from no-route to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0003.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0003.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,13 @@
+pass in all
+pass in from any to any
+
+block in proto tcp from any to any flags FUPEW/FSRPAUEW
+block in proto tcp from any to any flags SF/SFRA
+block in proto tcp from any to any flags /SFRAW
+
+pass in proto { udp, icmp, tcp } from any to any flags S/SA
+pass in from any to any flags S/SA no state
+pass in from any to any flags any no state
+pass in from any to any flags any
+pass in from any to any keep state
+pass in from any to any
Added: head/sbin/pfctl/tests/files/pf0003.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0003.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,13 @@
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state
+block drop in proto tcp all flags FPUEW/FSRPAUEW
+block drop in proto tcp all flags FS/FSRA
+block drop in proto tcp all flags /FSRAW
+pass in proto udp all keep state
+pass in proto icmp all keep state
+pass in proto tcp all flags S/SA keep state
+pass in all flags S/SA no state
+pass in all no state
+pass in all flags any keep state
+pass in all flags S/SA keep state
+pass in all flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0004.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0004.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,16 @@
+block in all
+block in proto tcp all
+block in proto { tcp, udp } all
+
+block in from any to any
+block in from 10.0.0.0/8 to any
+block in from ! 10.0.0.0/8 to any
+block in from { 10.0.0.0/8, 172.16.0.0/12 } to any
+
+block in proto tcp from any port = ssh to any
+block in proto tcp from any port { ssh, ftp >< 2048, != 1234, >= www } \
+ to any port 1024:2048
+
+block in proto { tcp, udp } from { 10.0.0.0/8, 172.16.0.0/12 } port { ssh, ftp } \
+ to { 192.168.0.0/16, 12.34.56.78 } port { 6667, 6668, 6669:65535 }
+
Added: head/sbin/pfctl/tests/files/pf0004.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0004.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,62 @@
+block drop in all
+block drop in proto tcp all
+block drop in proto tcp all
+block drop in proto udp all
+block drop in all
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from ! 10.0.0.0/8 to any
+block drop in inet from 10.0.0.0/8 to any
+block drop in inet from 172.16.0.0/12 to any
+block drop in proto tcp from any port = ssh to any
+block drop in proto tcp from any port = ssh to any port 1024:2048
+block drop in proto tcp from any port 21 >< 2048 to any port 1024:2048
+block drop in proto tcp from any port != 1234 to any port 1024:2048
+block drop in proto tcp from any port >= 80 to any port 1024:2048
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = ircd
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668
+block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535
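Review bot: destination port 6667 is expected as `port = ircd` in every tcp line but as `port = 6667` in every udp line, and the source ports are expected by name (`ssh`, `ftp`), so this file encodes the contents of the services database on the machine that generated it. If a test host maps these ports differently, the comparison fails without any parser regression. Either document that dependency next to the test, or use port numbers with no service entry wherever name resolution is not the thing being tested.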
Added: head/sbin/pfctl/tests/files/pf0005.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0005.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,6 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside="10.0.0.0/8"
+
+block in proto udp from $inside port { echo, $foo, ident } \
+ to 12.34.56.78 port { 6667, 0x10 }
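Review bot: `bar = "other thing"` on the second line is never referenced by the rule that follows, and `0x10` in the destination port list is the only hexadecimal value. Both look intentional (pf0005.ok echoes `bar` and prints the port as 16), but the file has no comment saying that an unused macro with an embedded space and a hex port are the cases under test. Please add one so the macro is not later removed as dead.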
Added: head/sbin/pfctl/tests/files/pf0005.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0005.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,11 @@
+foo = "ssh, ftp"
+bar = "other thing"
+inside = "10.0.0.0/8"
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 16
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 6667
+block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 16
Added: head/sbin/pfctl/tests/files/pf0006.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0006.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+a=b
+c=x
+a_b_c=d
Added: head/sbin/pfctl/tests/files/pf0006.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0006.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+a = "b"
+c = "x"
+a_b_c = "d"
Added: head/sbin/pfctl/tests/files/pf0007.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0007.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,34 @@
+# test modulate state
+
+block out log on tun1000000 all
+block in log on tun1000000 all
+
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp out log on tun1000000 proto udp all
+block return-icmp in log on tun1000000 proto udp all
+
+block out log quick on tun1000000 from ! 157.161.48.183 to any
+
+block in quick on tun1000000 from any to 255.255.255.255
+
+block in log quick on tun1000000 from 10.0.0.0/8 to any
+block in log quick on tun1000000 from 172.16.0.0/12 to any
+block in log quick on tun1000000 from 192.168.0.0/16 to any
+block in log quick on tun1000000 from 255.255.255.255/32 to any
+
+pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state
+
+pass out on tun1000000 proto udp all keep state
+
+pass in on tun1000000 proto udp from any to any port = domain keep state
+
+pass out on tun1000000 proto tcp all modulate state
+pass in on tun1000000 proto { tcp udp icmp } all modulate state
+pass in on tun1000000 proto { udp tcp icmp } all flags S/SA synproxy state
+
+pass in on tun1000000 proto tcp from any to any port = ssh modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp modulate state
+pass in on tun1000000 proto tcp from any to any port = domain modulate state
+pass in on tun1000000 proto tcp from any to any port = auth modulate state
Added: head/sbin/pfctl/tests/files/pf0007.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0007.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,27 @@
+block drop out log on tun1000000 all
+block drop in log on tun1000000 all
+block return-rst out log on tun1000000 proto tcp all
+block return-rst in log on tun1000000 proto tcp all
+block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all
+block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all
+block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any
+block drop in quick on tun1000000 inet from any to 255.255.255.255
+block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any
+block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any
+block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any
+block drop in log quick on tun1000000 inet from 255.255.255.255 to any
+pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state
+pass out on tun1000000 proto udp all keep state
+pass in on tun1000000 proto udp from any to any port = domain keep state
+pass out on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto tcp all flags S/SA modulate state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto udp all keep state
+pass in on tun1000000 proto tcp all flags S/SA synproxy state
+pass in on tun1000000 proto icmp all keep state
+pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state
+pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state
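Review bot: for the two `proto { ... }` rules, the udp and icmp expansions are expected as `keep state` while only the tcp expansion keeps `modulate state` or `synproxy state`. That downgrade is the behaviour that distinguishes this test from pf0002, whose block rules and icmp/udp pass rules it otherwise repeats, yet pf0007.in only says `# test modulate state`. Please extend that comment to state the expected fallback for non-TCP protocols, and consider trimming the rules copied from pf0002.in so that a failure here points at state handling.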
Added: head/sbin/pfctl/tests/files/pf0008.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0008.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,2 @@
+extern = "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block out log on tun1000001 from $extern to any
Added: head/sbin/pfctl/tests/files/pf0008.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0008.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+extern = "{ ! 10.0.0.0/8, 10.1.2.3 }"
+block drop out log on tun1000001 inet from ! 10.0.0.0/8 to any
+block drop out log on tun1000001 inet from 10.1.2.3 to any
Added: head/sbin/pfctl/tests/files/pf0009.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0009.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+
+block in on $interfaces all
Added: head/sbin/pfctl/tests/files/pf0009.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0009.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+interfaces = "{ enc0, tun1000000 }"
+block drop in on enc0 all
+block drop in on tun1000000 all
Added: head/sbin/pfctl/tests/files/pf0010.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0010.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,31 @@
+# return variants
+pass in inet proto icmp all
+pass in inet6 proto icmp6 all
+block in inet proto icmp all
+block in inet6 proto icmp6 all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp in inet proto icmp all
+block return-icmp(0) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(5) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(10) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(15) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6 in inet6 proto icmp6 all
+block return-icmp6(0) in inet6 proto icmp6 all
+block return-icmp6(noroute-unr) in inet6 proto icmp6 all
+block return-icmp6(1) in inet6 proto icmp6 all
+block return-icmp6(admin-unr) in inet6 proto icmp6 all
+block return-icmp6(2) in inet6 proto icmp6 all
+block return-icmp6(notnbr-unr) in inet6 proto icmp6 all
+block return-icmp6(3) in inet6 proto icmp6 all
+block return-icmp6(addr-unr) in inet6 proto icmp6 all
+block return-icmp6(4) in inet6 proto icmp6 all
+block return-icmp6(port-unr) in inet6 proto icmp6 all
+block return-icmp(5, 1) in all
+block return-icmp(srcfail, admin-unr) in all
Added: head/sbin/pfctl/tests/files/pf0010.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0010.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,30 @@
+pass in inet proto icmp all keep state
+pass in inet6 proto ipv6-icmp all keep state
+block drop in inet proto icmp all
+block drop in inet6 proto ipv6-icmp all
+block return-rst in inet proto tcp all
+block return-rst in inet6 proto tcp all
+block return-rst(ttl 10) in inet proto tcp all
+block return-rst(ttl 10) in inet6 proto tcp all
+block return-icmp(port-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(net-unr) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(srcfail) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(host-prohib) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp(cutoff-preced) in inet proto icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp6(port-unr) in inet6 proto ipv6-icmp all
+block return-icmp(srcfail, admin-unr) in all
+block return-icmp(srcfail, admin-unr) in all
Added: head/sbin/pfctl/tests/files/pf0011.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0011.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type 0
+pass in inet proto icmp all icmp-type 0 code 0
+pass in inet proto icmp all icmp-type 1
+pass in inet proto icmp all icmp-type 1 code 1
+pass in inet6 proto ipv6-icmp all icmp6-type 0
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+pass in inet6 proto ipv6-icmp all icmp6-type 1
+pass in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+block in inet proto icmp all icmp-type 0
+block in inet proto icmp all icmp-type 0 code 0
+block in inet proto icmp all icmp-type 1
+block in inet proto icmp all icmp-type 1 code 1
+block in inet6 proto ipv6-icmp all icmp6-type 0
+block in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block in inet6 proto ipv6-icmp all icmp6-type 1
+block in inet6 proto ipv6-icmp all icmp6-type 1 code 1
+pass in inet proto icmp all icmp-type unreach code needfrag
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb
Added: head/sbin/pfctl/tests/files/pf0011.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0011.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,18 @@
+pass in inet proto icmp all icmp-type echorep keep state
+pass in inet proto icmp all icmp-type echorep code 0 keep state
+pass in inet proto icmp all icmp-type 1 keep state
+pass in inet proto icmp all icmp-type 1 code 1 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state
+pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state
+block drop in inet proto icmp all icmp-type echorep
+block drop in inet proto icmp all icmp-type echorep code 0
+block drop in inet proto icmp all icmp-type 1
+block drop in inet proto icmp all icmp-type 1 code 1
+block drop in inet6 proto ipv6-icmp all icmp6-type 0
+block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach
+block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr
+pass in inet proto icmp all icmp-type unreach code needfrag keep state
+pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state
Added: head/sbin/pfctl/tests/files/pf0012.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0012.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+pass in from 127.0.0.1 to 127.0.0.1/8 no state
+pass in from 127.0.0.1/16 to 127.0.0.1/24 no state
+pass in from 127.0.0.1/25 to ! 127.0.0.1/26
+pass in inet from ! localhost to localhost/16
+pass in inet from ! lo0 to ! lo0/8
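Review bot: lines 4 and 5 use "localhost" and "lo0" as addresses, and pf0012.ok expects both to come back as 127.0.0.1, so the result depends on the test host's name resolution and lo0 configuration rather than on the parser alone. Note that requirement in a comment at the top of the file, or have the test skip when the host is not set up that way.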
Added: head/sbin/pfctl/tests/files/pf0012.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0012.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+pass in inet from 127.0.0.1 to 127.0.0.0/8 no state
+pass in inet from 127.0.0.0/16 to 127.0.0.0/24 no state
+pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state
+pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0013.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0013.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,22 @@
+pass in quick on enc0 from any to any
+pass in quick on enc0 inet from any to any
+pass in quick on enc0 inet6 from any to any
+
+#pass out quick on tun1000000 inet from any to any route-to tun1000001
+#pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001
+#pass out quick on tun1000000 from any to fec0::1 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001
+
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1)
+#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1)
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001
+
+#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to (tun1000001 192.168.1.100)
+#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to (tun1000001 fec1::2)
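Review bot: only lines 1-3 are live. Every route-to, dup-to and reply-to rule below them is commented out with no explanation, and pf0013.ok accordingly holds three lines. Add a comment saying why these rules are disabled, or drop them, so a reader does not assume the routing options are covered by this case.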
Added: head/sbin/pfctl/tests/files/pf0013.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0013.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+pass in quick on enc0 all flags S/SA keep state
+pass in quick on enc0 inet all flags S/SA keep state
+pass in quick on enc0 inet6 all flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0014.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0014.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,6 @@
+pass in quick on lo0 from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to fe80::1%lo0
+pass in quick from fe80::1%lo0 to any
+pass in quick from any to fe80::1%lo0
+pass in quick on lo0 from fe80::1%lo0 to any
+pass in quick on lo0 from any to fe80::1%lo0
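Review bot: lines 2-4 have no "on" clause, yet pf0014.ok expects "on lo0" on all six rules and prints the addresses without the "%lo0" scope. A header comment stating that this case checks scoped link-local addresses, and that the interface is expected to come from the scope id when no "on" is given, would make the expected file reviewable.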
Added: head/sbin/pfctl/tests/files/pf0014.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0014.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,6 @@
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state
+pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state
+pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0016.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0016.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+# Test rule order processing: should fail unless nat -> filter
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22
+#match on lo0 from 192.168.1.1 to any binat-to 10.0.0.1
+pass in on lo1000000 from any to any no state
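Review bot: the header comment on line 1 ("should fail unless nat -> filter") no longer describes the test. The three match rules are commented out, the only live rule is the final "pass in on lo1000000", and pf0016.ok expects it to parse successfully. Update the comment to say what is still being checked.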
Added: head/sbin/pfctl/tests/files/pf0016.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0016.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1 @@
+pass in on lo1000000 all no state
Added: head/sbin/pfctl/tests/files/pf0018.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0018.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,19 @@
+# test nat
+
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"
+
+#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
+#match out on lo0 proto tcp from 192.168.1.2 to any nat-to 10.0.0.2
+#match out on lo0 proto udp from 192.168.1.3 to any nat-to 10.0.0.3
+#match out on lo0 proto icmp from 192.168.1.4 to any nat-to 10.0.0.4
+
+#match out on lo0 inet from $TEST_LIST1 to $TEST_LIST2 nat-to lo0
+
+#match out on lo0 inet from 192.168.0.1/24 to any nat-to (lo0)
+
+#match out on lo0 from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8
+
+#match out on ! lo0 proto { udp, tcp } from any to any nat-to 10.0.0.8 static-port
+
+#match out on { lo0, tun1000000 } from any to any nat-to 10.0.0.8
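Review bot: the file is labelled "# test nat" but every nat-to rule is commented out, and no live rule references TEST_LIST1 or TEST_LIST2, so pf0018.ok only verifies that the two macro definitions are printed back. If the rules cannot be enabled, change the comment to describe what is tested, or leave this case out until they can.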
Added: head/sbin/pfctl/tests/files/pf0018.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0018.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,2 @@
+TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }"
+TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }"
Added: head/sbin/pfctl/tests/files/pf0019.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0019.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,9 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22
+
+# Test list processing
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021
Added: head/sbin/pfctl/tests/files/pf0019.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0019.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
Added: head/sbin/pfctl/tests/files/pf0020.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0020.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,9 @@
+# Test whether list expansion in NAT/RDR works correctly
+
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
+
+#match out on $EVIL inet from $GOOD_NET to $DEST_NET nat-to $EVIL
+#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021
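Review bot: with both match rules commented out, the live content here is the same four macro definitions as pf0019.in, and pf0020.ok is identical to pf0019.ok, so the two cases check the same thing. The header comment promises list expansion in NAT/RDR, which nothing here exercises. Keep one of the two files, or enable a rule that actually expands $GOOD_NET and $DEST_NET.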
Added: head/sbin/pfctl/tests/files/pf0020.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0020.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,4 @@
+EVIL = "lo0"
+GOOD = "{ lo0, lo1000000 }"
+GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }"
+DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }"
Added: head/sbin/pfctl/tests/files/pf0022.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0022.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,8 @@
+set optimization aggressive
+set timeout { tcp.closing 6, tcp.opening 6 }
+set timeout tcp.first 6
+set limit states 500
+set limit {states 1000,frags 1000}
+set loginterface lo0
+set loginterface none
+set hostid 1
Added: head/sbin/pfctl/tests/files/pf0022.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0022.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,10 @@
+set optimization aggressive
+set timeout tcp.closing 6
+set timeout tcp.opening 6
+set timeout tcp.first 6
+set limit states 500
+set limit states 1000
+set limit frags 1000
+set loginterface lo0
+set loginterface none
+set hostid 0x00000001
Added: head/sbin/pfctl/tests/files/pf0023.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0023.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,2 @@
+#test negated interface matching
+block in on ! lo0 all
Added: head/sbin/pfctl/tests/files/pf0023.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0023.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1 @@
+block drop in on ! lo0 all
Added: head/sbin/pfctl/tests/files/pf0024.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0024.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,8 @@
+#test variable concat
+a="ssh"
+b="ftp"
+c=$a $b
+d=$a $b $a $b
+e=$a $b $b "test" $a $b
+
+pass in proto tcp from any to any port { $c }
Added: head/sbin/pfctl/tests/files/pf0024.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0024.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,7 @@
+a = "ssh"
+b = "ftp"
+c = "ssh ftp"
+d = "ssh ftp ssh ftp"
+e = "ssh ftp ftp test ssh ftp"
+pass in proto tcp from any to any port = ssh flags S/SA keep state
+pass in proto tcp from any to any port = ftp flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0025.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0025.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,4 @@
+antispoof for lo0
+antispoof log quick for lo0 inet
+antispoof for (lo0)
+antispoof log quick for (lo0) inet
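Review bot: "antispoof for lo0" on lines 1-2 is expanded from the addresses configured on lo0 when pfctl runs, and pf0025.ok expects exactly "from ::1" and "from 127.0.0.0/8". A host with a different address set on lo0 would produce different rules and fail the comparison. State the assumption in a comment, or have the test check lo0 before running this case.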
Added: head/sbin/pfctl/tests/files/pf0025.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0025.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+block drop in on ! lo0 inet6 from ::1 to any
+block drop in on ! lo0 inet from 127.0.0.0/8 to any
+block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any
+block drop in on ! lo0 from (lo0:network) to any
+block drop in log quick on ! lo0 inet from (lo0:network) to any
Added: head/sbin/pfctl/tests/files/pf0026.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0026.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,2 @@
+block in on lo0 inet from ! (lo0) to any
+block out on lo0 inet from any to ! (lo0)
Added: head/sbin/pfctl/tests/files/pf0026.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0026.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,2 @@
+block drop in on lo0 inet from ! (lo0) to any
+block drop out on lo0 inet from any to ! (lo0)
Added: head/sbin/pfctl/tests/files/pf0028.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0028.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,7 @@
+# test logging keywords, and log quick/quick log order
+block in log (all) quick on lo0 all
+block in quick log on lo0 all
+block in quick log (all) on lo0 all
+block in log quick on lo0 all
+block in log on lo0 all
+block in log (all) on lo0 all
Added: head/sbin/pfctl/tests/files/pf0028.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0028.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,6 @@
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log (all) quick on lo0 all
+block drop in log quick on lo0 all
+block drop in log on lo0 all
+block drop in log (all) on lo0 all
Added: head/sbin/pfctl/tests/files/pf0030.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0030.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,7 @@
+#test line continuation
+
+block \
+ in \
+ on lo0 \
+ from any \
+ to any
Added: head/sbin/pfctl/tests/files/pf0030.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0030.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1 @@
+block drop in on lo0 all
Added: head/sbin/pfctl/tests/files/pf0031.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0031.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,21 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+#set block-policy return
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block in on lo0 all
+block in on lo0 inet all
+block in on lo0 inet6 all
+
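Review bot: line 11 has "#set block-policy return" commented out, so lines 12-20 repeat lines 2-10 under the same drop policy and pf0031.ok lists the same nine rules twice. The bare "block in" rules are never resolved against a return policy. Either enable the second "set" (and update the .ok) or delete the duplicated half. The hunk also ends with an empty added line that can go.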
Added: head/sbin/pfctl/tests/files/pf0031.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0031.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,19 @@
+set block-policy drop
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block return in on lo0 all
+block return in on lo0 inet all
+block return in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
+block drop in on lo0 all
+block drop in on lo0 inet all
+block drop in on lo0 inet6 all
Added: head/sbin/pfctl/tests/files/pf0032.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0032.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,7 @@
+pass in from 10/8 to any
+pass in from 10.1/8 to any
+pass in from 192.168.37.29/25 to any
+pass in from 192.168.37.29/24 to any
+pass in from 192.168.37.29/16 to any
+pass in from 192.168.37.29/8 to any
+
Added: head/sbin/pfctl/tests/files/pf0032.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0032.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,6 @@
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 10.0.0.0/8 to any flags S/SA keep state
+pass in inet from 192.168.37.0/25 to any flags S/SA keep state
+pass in inet from 192.168.37.0/24 to any flags S/SA keep state
+pass in inet from 192.168.0.0/16 to any flags S/SA keep state
+pass in inet from 192.0.0.0/8 to any flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0034.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0034.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+#mixed af, probability
+pass in from any to { 127.0.0.1, 2000::1 }
+pass in probability 0.5
+pass in probability 50%
+pass in inet6 proto tcp from ::1 probability 0.8%
Added: head/sbin/pfctl/tests/files/pf0034.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0034.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+pass in inet from any to 127.0.0.1 flags S/SA keep state
+pass in inet6 from any to 2000::1 flags S/SA keep state
+pass in all flags S/SA keep state probability 50%
+pass in all flags S/SA keep state probability 50%
+pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8%
Added: head/sbin/pfctl/tests/files/pf0035.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0035.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+#test matching on tos
+
+intf = "lo0"
+pass out on $intf inet proto tcp from any to any port 22 tos 0x10
+pass out on $intf inet proto tcp from any to any port 22 tos 0x08
Added: head/sbin/pfctl/tests/files/pf0035.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0035.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,3 @@
+intf = "lo0"
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x10 keep state
+pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x08 keep state
Added: head/sbin/pfctl/tests/files/pf0038.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0038.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,5 @@
+# test
+
+pass in on tun1000000 proto tcp from any to any user bin
+pass in on tun1000000 proto tcp from any to any group bin
+pass in on tun1000000 proto tcp from any to any group wheel user root user bin
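Review bot: the header comment "# test" on line 1 does not say what is tested; something like "test user and group matching" would. The names are also resolved to numeric ids (pf0038.ok expects "user = 3" for bin, "group = 7" for bin and "group = 0" for wheel), so the expected file only holds on a host whose passwd and group databases use those ids. Worth a one-line note in the comment.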
Added: head/sbin/pfctl/tests/files/pf0038.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0038.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,4 @@
+pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state
+pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state
+pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0039.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0039.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,25 @@
+#test random ordered opts
+
+body1="pass in log quick on lo0 inet proto icmp all "
+body2="pass in log quick on lo0 inet proto tcp all "
+o_user="user root "
+o_user2="user bin "
+o_group="group wheel "
+o_group2="group nobody "
+o_flags="flags S/SA "
+o_icmpspec="icmp-type 0 code 0 "
+o_tos="tos 0x08 "
+o_keep="keep state "
+o_fragment="fragment "
+o_allowopts="allow-opts "
+o_label="label blah"
+o_prio="set prio 2"
+
+$body2 $o_fragment $o_keep $o_label $o_tos
+$body2 $o_user $o_prio $o_tos $o_keep $o_group $o_label $o_allowopts \
+$o_user2 $o_group2
+$body1 $o_icmpspec $o_keep $o_label $o_prio
+$body2 $o_keep
+$body2 $o_label $o_keep $o_prio $o_tos
+$body1 $o_icmpspec $o_tos
+$body2 $o_flags $o_allowopts
Added: head/sbin/pfctl/tests/files/pf0039.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0039.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,24 @@
+body1 = "pass in log quick on lo0 inet proto icmp all "
+body2 = "pass in log quick on lo0 inet proto tcp all "
+o_user = "user root "
+o_user2 = "user bin "
+o_group = "group wheel "
+o_group2 = "group nobody "
+o_flags = "flags S/SA "
+o_icmpspec = "icmp-type 0 code 0 "
+o_tos = "tos 0x08 "
+o_keep = "keep state "
+o_fragment = "fragment "
+o_allowopts = "allow-opts "
+o_label = "label blah"
+o_prio = "set prio 2"
+pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 3 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto tcp all user = 0 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 set ( prio 2 ) keep state label "blah"
+pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state
+pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts
Added: head/sbin/pfctl/tests/files/pf0040.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0040.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,20 @@
+block
+block return
+block return-rst proto tcp
+pass
+pass in no state
+pass out no state
+pass all no state
+block in all
+block out all
+block from any to any
+pass in from any to any
+pass out from any to any
+block on lo0
+pass on lo0 all
+block on lo0 from any to any
+pass proto tcp flags S/SA
+pass proto udp keep state
+pass in proto udp all keep state
+pass out proto udp from any to any keep state
+pass out on lo0 proto tcp from any to any port 25 keep state
Added: head/sbin/pfctl/tests/files/pf0040.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0040.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,20 @@
+block drop all
+block return all
+block return-rst proto tcp all
+pass all flags S/SA keep state
+pass in all no state
+pass out all no state
+pass all no state
+block drop in all
+block drop out all
+block drop all
+pass in all flags S/SA keep state
+pass out all flags S/SA keep state
+block drop on lo0 all
+pass on lo0 all flags S/SA keep state
+block drop on lo0 all
+pass proto tcp all flags S/SA keep state
+pass proto udp all keep state
+pass in proto udp all keep state
+pass out proto udp all keep state
+pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state
Added: head/sbin/pfctl/tests/files/pf0041.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0041.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,12 @@
+anchor foo
+anchor bar all
+anchor bar from any to any
+anchor foo inet
+anchor foo inet6
+anchor foo inet all
+anchor foo proto tcp
+anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh
+anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2
+anchor filteropt out proto tcp to any port 22 user root
+anchor filteropt in proto tcp to (self) port 22 group sshd
+anchor filteropt out inet proto icmp all icmp-type echoreq
Added: head/sbin/pfctl/tests/files/pf0041.ok
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0041.ok Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,12 @@
+anchor "foo" all
+anchor "bar" all
+anchor "bar" all
+anchor "foo" inet all
+anchor "foo" inet6 all
+anchor "foo" inet all
+anchor "foo" proto tcp all
+anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh
+anchor "foobar" inet6 proto udp from ::1 port = tcpmux to ::1 port = compressnet
+anchor "filteropt" out proto tcp from any to any port = ssh user = 0
+anchor "filteropt" in proto tcp from any to (self) port = ssh group = 22
+anchor "filteropt" out inet proto icmp all icmp-type echoreq
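Review bot: `user = 0` and `group = 22` on the first two filteropt lines hard-code the numeric ids that `user root` and `group sshd` in pf0041.in resolve to, so this file only matches on a host whose group database has sshd with gid 22. The same applies to `port = tcpmux` and `port = compressnet`, which are lookups of the input's ports 1 and 2. Consider using numeric ids in the input for the cases that are not specifically about name resolution, and keeping a single name-based case with the assumption noted.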
Added: head/sbin/pfctl/tests/files/pf0047.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sbin/pfctl/tests/files/pf0047.in Sat Jul 15 19:22:01 2017 (r321030)
@@ -0,0 +1,67 @@
+pass in on lo0 all label ""
+
+pass in all label "$if"
+pass in on lo0 all label "$if"
+pass in on lo0 all label "$if$if"
+
+pass in on lo0 all label "$srcaddr"
+pass in on lo0 from 0/0 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 from 127.0.0.1/8 to any label "$srcaddr"
+pass in on lo0 from 127.0.0.1/16 to any label "$srcaddr$srcaddr"
+pass in on lo0 from 127.0.0.1/31 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label "$srcaddr$srcaddr"
+pass in on lo0 inet6 from fe80::1 to any label ":$srcaddr:$srcaddr:"
+pass in on lo0 inet6 from lo0/8 to any label "$srcaddr"
+pass in on lo0 inet6 from lo0/64 to any label "$srcaddr$srcaddr"
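Review bot: the `from lo0/8` and `from lo0/64` rules use the interface name without parentheses, so the addresses are taken from lo0 on the machine running the test and the expected output depends on how that interface is configured. The `127.0.0.1/8`, `/16` and `/31` sources also carry host bits beyond the mask, and the file gives no hint whether the point is label expansion, address normalization or both. A short `#` comment at the top stating what `$if` and `$srcaddr` are expected to expand to, and that lo0 must have its usual addresses, would make failures here easier to interpret.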
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***