Index: head/etc/mtree/BSD.tests.dist =================================================================== --- head/etc/mtree/BSD.tests.dist (revision 321029) +++ head/etc/mtree/BSD.tests.dist (revision 321030) @@ -1,738 +1,742 @@ # $FreeBSD$ # # Please see the file src/etc/mtree/README before making changes to this file. # /set type=dir uname=root gname=wheel mode=0755 . bin cat .. chmod .. date .. dd .. echo .. expr .. ln .. ls .. mv .. pax .. pkill .. pwait .. sh builtins .. errors .. execution .. expansion .. parameters .. parser .. set-e .. .. sleep .. test .. .. cddl lib .. sbin .. usr.bin .. usr.sbin dtrace common aggs .. arithmetic .. arrays .. assocs .. begin .. bitfields .. buffering .. builtinvar .. cg .. clauses .. cpc .. decls .. drops .. dtraceUtil .. end .. enum .. error .. exit .. fbtprovider .. funcs .. grammar .. include .. inline .. io .. ip .. java_api .. json .. lexer .. llquantize .. mdb .. mib .. misc .. multiaggs .. offsetof .. operators .. pid .. plockstat .. pointers .. pragma .. predicates .. preprocessor .. print .. printa .. printf .. privs .. probes .. proc .. profile-n .. providers .. raise .. rates .. safety .. scalars .. sched .. scripting .. sdt .. sizeof .. speculation .. stability .. stack .. stackdepth .. stop .. strlen .. strtoll .. struct .. sugar .. syscall .. sysevent .. tick-n .. trace .. tracemem .. translators .. typedef .. types .. uctf .. union .. usdt .. ustack .. vars .. version .. .. .. zfsd .. .. .. etc rc.d .. .. games .. gnu lib .. usr.bin diff .. .. .. lib atf libatf-c detail .. .. libatf-c++ detail .. .. test-programs .. .. libarchive .. libc c063 .. db .. gen execve .. posix_spawn .. .. hash data .. .. iconv .. inet .. locale .. net getaddrinfo data .. .. .. nss .. regex data .. .. resolv .. rpc .. ssp .. setjmp .. stdio .. stdlib .. string .. sys .. time .. tls dso .. .. termios .. ttyio .. .. libcam .. libcasper services cap_dns .. cap_grp .. cap_pwd .. cap_sysctl .. .. .. libcrypt .. libdevdctl .. libkvm .. libmp .. libnv .. libproc .. librt .. libsbuf .. libthr dlopen .. .. libutil .. libxo .. msun .. .. libexec atf atf-check .. atf-sh .. .. rtld-elf .. .. sbin dhclient .. devd .. growfs .. ifconfig .. mdconfig .. + pfctl + files + .. + .. .. secure lib .. libexec .. usr.bin .. usr.sbin .. .. share examples tests atf .. plain .. tap .. .. .. zoneinfo .. .. sys acl .. aio .. fifo .. file .. fs tmpfs .. .. geom class concat .. eli .. gate .. gpt .. mirror .. nop .. raid3 .. shsec .. stripe .. uzip etalon .. .. .. .. kern acct .. execve .. pipe .. .. kqueue libkqueue .. .. mac bsdextended .. portacl .. .. mqueue .. netinet .. opencrypto .. pjdfstest chflags .. chmod .. chown .. ftruncate .. granular .. link .. mkdir .. mkfifo .. mknod .. open .. rename .. rmdir .. symlink .. truncate .. unlink .. utimensat .. .. posixshm .. sys .. vfs .. vm .. .. usr.bin apply .. basename .. bmake archives fmt_44bsd .. fmt_44bsd_mod .. fmt_oldbsd .. .. basic t0 .. t1 .. t2 .. t3 .. .. execution ellipsis .. empty .. joberr .. plus .. .. shell builtin .. meta .. path .. path_select .. replace .. select .. .. suffixes basic .. src_wild1 .. src_wild2 .. .. syntax directive-t0 .. enl .. funny-targets .. semi .. .. sysmk t0 2 1 .. .. mk .. .. t1 2 1 .. .. mk .. .. t2 2 1 .. .. mk .. .. .. variables modifier_M .. modifier_t .. opt_V .. t0 .. .. .. bsdcat .. calendar .. cmp .. compress .. cpio .. col .. comm .. csplit .. cut .. diff .. dirname .. du .. file2c .. getconf .. grep .. gzip .. hexdump .. ident .. indent .. join .. jot .. lastcomm .. limits .. m4 .. mkimg .. ncal .. opensm .. pr .. printf .. procstat .. sdiff .. sed regress.multitest.out .. .. soelim .. stat .. tail .. tar .. timeout .. tr .. truncate .. units .. uudecode .. uuencode .. uniq .. xargs .. xinstall .. xo .. yacc yacc .. .. .. usr.sbin chown .. etcupdate .. extattr .. fstyp .. makefs .. newsyslog .. nmtree .. pw .. rpcbind .. sa .. .. .. # vim: set expandtab ts=4 sw=4: Index: head/sbin/pfctl/Makefile =================================================================== --- head/sbin/pfctl/Makefile (revision 321029) +++ head/sbin/pfctl/Makefile (revision 321030) @@ -1,34 +1,38 @@ # $FreeBSD$ .include # pf_ruleset.c is shared between kernel and pfctl .PATH: ${SRCTOP}/sys/netpfil/pf PACKAGE=pf PROG= pfctl MAN= pfctl.8 SRCS = pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c SRCS+= pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c SRCS+= pfctl_optimize.c SRCS+= pf_ruleset.c WARNS?= 2 CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized CFLAGS+= -Wstrict-prototypes CFLAGS+= -DENABLE_ALTQ -I${.CURDIR} # Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DWITH_INET6 .endif .if ${MK_INET_SUPPORT} != "no" CFLAGS+= -DWITH_INET .endif YFLAGS= LIBADD= m md +.if ${MK_TESTS} != "no" +SUBDIR+= tests +.endif + .include Index: head/sbin/pfctl/tests/Makefile =================================================================== --- head/sbin/pfctl/tests/Makefile (nonexistent) +++ head/sbin/pfctl/tests/Makefile (revision 321030) @@ -0,0 +1,7 @@ +# $FreeBSD$ + +ATF_TESTS_SH= pfctl_test + +SUBDIR+= files + +.include Property changes on: head/sbin/pfctl/tests/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/Makefile =================================================================== --- head/sbin/pfctl/tests/files/Makefile (nonexistent) +++ head/sbin/pfctl/tests/files/Makefile (revision 321030) @@ -0,0 +1,12 @@ +# $FreeBSD$ + +TESTSDIR= ${TESTSBASE}/sbin/pfctl/files +BINDIR= ${TESTSDIR} + +# We use ${.CURDIR} as workaround so that the glob patterns work. +FILES= ${.CURDIR}/pf????.in +FILES+= ${.CURDIR}/pf????.include +FILES+= ${.CURDIR}/pf????.ok +FILES+= ${.CURDIR}/pfctl_test_descr.sh + +.include Property changes on: head/sbin/pfctl/tests/files/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0001.in =================================================================== --- head/sbin/pfctl/tests/files/pf0001.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0001.in (revision 321030) @@ -0,0 +1,8 @@ +pass in all +pass in from any to any no state +pass in proto tcp from any port <= 1024 to any label foo_bar +pass in proto tcp from any to any port = 25 +pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22 +pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts +pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \ +"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport" Property changes on: head/sbin/pfctl/tests/files/pf0001.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0001.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0001.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0001.ok (revision 321030) @@ -0,0 +1,8 @@ +pass in all flags S/SA keep state +pass in all no state +pass in proto tcp from any port <= 1024 to any flags S/SA keep state label "foo_bar" +pass in proto tcp from any to any port = smtp flags S/SA keep state +pass in inet proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != ssh flags S/SA keep state +pass in inet proto igmp from 10.0.0.0/8 to 10.1.1.1 keep state allow-opts +pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "6:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "7:tcp:1.2.3.5::any:" Property changes on: head/sbin/pfctl/tests/files/pf0001.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0002.in =================================================================== --- head/sbin/pfctl/tests/files/pf0002.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0002.in (revision 321030) @@ -0,0 +1,34 @@ +# test + +block out log on tun1000000 all +block in log on tun1000000 all + +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp out log on tun1000000 proto udp all +block return-icmp in log on tun1000000 proto udp all + +block out log quick on tun1000000 from ! 157.161.48.183 to any + +block in quick on tun1000000 from any to 255.255.255.255 + +block in log quick on tun1000000 from 10.0.0.0/8 to any +block in log quick on tun1000000 from 172.16.0.0/12 to any +block in quick log on tun1000000 from 192.168.0.0/16 to any +block in quick log on tun1000000 from 255.255.255.255/32 to any + +block in log quick from no-route to any + +pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state + +pass out on tun1000000 proto udp all keep state + +pass in on tun1000000 proto udp from any to any port = domain keep state + +pass out on tun1000000 proto tcp all keep state + +pass in on tun1000000 proto tcp from any to any port = ssh keep state +pass in on tun1000000 proto tcp from any to any port = smtp keep state +pass in on tun1000000 proto tcp from any to any port = domain keep state +pass in on tun1000000 proto tcp from any to any port = auth keep state Property changes on: head/sbin/pfctl/tests/files/pf0002.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0002.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0002.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0002.ok (revision 321030) @@ -0,0 +1,22 @@ +block drop out log on tun1000000 all +block drop in log on tun1000000 all +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all +block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all +block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any +block drop in quick on tun1000000 inet from any to 255.255.255.255 +block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any +block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any +block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any +block drop in log quick on tun1000000 inet from 255.255.255.255 to any +block drop in log quick from no-route to any +pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun1000000 proto udp all keep state +pass in on tun1000000 proto udp from any to any port = domain keep state +pass out on tun1000000 proto tcp all flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = domain flags S/SA keep state +pass in on tun1000000 proto tcp from any to any port = auth flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0002.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0003.in =================================================================== --- head/sbin/pfctl/tests/files/pf0003.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0003.in (revision 321030) @@ -0,0 +1,13 @@ +pass in all +pass in from any to any + +block in proto tcp from any to any flags FUPEW/FSRPAUEW +block in proto tcp from any to any flags SF/SFRA +block in proto tcp from any to any flags /SFRAW + +pass in proto { udp, icmp, tcp } from any to any flags S/SA +pass in from any to any flags S/SA no state +pass in from any to any flags any no state +pass in from any to any flags any +pass in from any to any keep state +pass in from any to any Property changes on: head/sbin/pfctl/tests/files/pf0003.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0003.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0003.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0003.ok (revision 321030) @@ -0,0 +1,13 @@ +pass in all flags S/SA keep state +pass in all flags S/SA keep state +block drop in proto tcp all flags FPUEW/FSRPAUEW +block drop in proto tcp all flags FS/FSRA +block drop in proto tcp all flags /FSRAW +pass in proto udp all keep state +pass in proto icmp all keep state +pass in proto tcp all flags S/SA keep state +pass in all flags S/SA no state +pass in all no state +pass in all flags any keep state +pass in all flags S/SA keep state +pass in all flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0003.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0004.in =================================================================== --- head/sbin/pfctl/tests/files/pf0004.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0004.in (revision 321030) @@ -0,0 +1,16 @@ +block in all +block in proto tcp all +block in proto { tcp, udp } all + +block in from any to any +block in from 10.0.0.0/8 to any +block in from ! 10.0.0.0/8 to any +block in from { 10.0.0.0/8, 172.16.0.0/12 } to any + +block in proto tcp from any port = ssh to any +block in proto tcp from any port { ssh, ftp >< 2048, != 1234, >= www } \ + to any port 1024:2048 + +block in proto { tcp, udp } from { 10.0.0.0/8, 172.16.0.0/12 } port { ssh, ftp } \ + to { 192.168.0.0/16, 12.34.56.78 } port { 6667, 6668, 6669:65535 } + Property changes on: head/sbin/pfctl/tests/files/pf0004.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0004.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0004.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0004.ok (revision 321030) @@ -0,0 +1,62 @@ +block drop in all +block drop in proto tcp all +block drop in proto tcp all +block drop in proto udp all +block drop in all +block drop in inet from 10.0.0.0/8 to any +block drop in inet from ! 10.0.0.0/8 to any +block drop in inet from 10.0.0.0/8 to any +block drop in inet from 172.16.0.0/12 to any +block drop in proto tcp from any port = ssh to any +block drop in proto tcp from any port = ssh to any port 1024:2048 +block drop in proto tcp from any port 21 >< 2048 to any port 1024:2048 +block drop in proto tcp from any port != 1234 to any port 1024:2048 +block drop in proto tcp from any port >= 80 to any port 1024:2048 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = ircd +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = ircd +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = ircd +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = ircd +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = ircd +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = ircd +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = ircd +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = ircd +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto tcp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 192.168.0.0/16 port 6669:65535 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port 6669:65535 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 192.168.0.0/16 port 6669:65535 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port 6669:65535 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 192.168.0.0/16 port 6669:65535 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ssh to 12.34.56.78 port 6669:65535 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 192.168.0.0/16 port 6669:65535 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6667 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port = 6668 +block drop in inet proto udp from 172.16.0.0/12 port = ftp to 12.34.56.78 port 6669:65535 Property changes on: head/sbin/pfctl/tests/files/pf0004.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0005.in =================================================================== --- head/sbin/pfctl/tests/files/pf0005.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0005.in (revision 321030) @@ -0,0 +1,6 @@ +foo = "ssh, ftp" +bar = "other thing" +inside="10.0.0.0/8" + +block in proto udp from $inside port { echo, $foo, ident } \ + to 12.34.56.78 port { 6667, 0x10 } Property changes on: head/sbin/pfctl/tests/files/pf0005.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0005.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0005.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0005.ok (revision 321030) @@ -0,0 +1,11 @@ +foo = "ssh, ftp" +bar = "other thing" +inside = "10.0.0.0/8" +block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = echo to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ssh to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = ftp to 12.34.56.78 port = 16 +block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 6667 +block drop in inet proto udp from 10.0.0.0/8 port = auth to 12.34.56.78 port = 16 Property changes on: head/sbin/pfctl/tests/files/pf0005.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0006.in =================================================================== --- head/sbin/pfctl/tests/files/pf0006.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0006.in (revision 321030) @@ -0,0 +1,3 @@ +a=b +c=x +a_b_c=d Property changes on: head/sbin/pfctl/tests/files/pf0006.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0006.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0006.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0006.ok (revision 321030) @@ -0,0 +1,3 @@ +a = "b" +c = "x" +a_b_c = "d" Property changes on: head/sbin/pfctl/tests/files/pf0006.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0007.in =================================================================== --- head/sbin/pfctl/tests/files/pf0007.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0007.in (revision 321030) @@ -0,0 +1,34 @@ +# test modulate state + +block out log on tun1000000 all +block in log on tun1000000 all + +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp out log on tun1000000 proto udp all +block return-icmp in log on tun1000000 proto udp all + +block out log quick on tun1000000 from ! 157.161.48.183 to any + +block in quick on tun1000000 from any to 255.255.255.255 + +block in log quick on tun1000000 from 10.0.0.0/8 to any +block in log quick on tun1000000 from 172.16.0.0/12 to any +block in log quick on tun1000000 from 192.168.0.0/16 to any +block in log quick on tun1000000 from 255.255.255.255/32 to any + +pass out on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type 8 code 0 keep state + +pass out on tun1000000 proto udp all keep state + +pass in on tun1000000 proto udp from any to any port = domain keep state + +pass out on tun1000000 proto tcp all modulate state +pass in on tun1000000 proto { tcp udp icmp } all modulate state +pass in on tun1000000 proto { udp tcp icmp } all flags S/SA synproxy state + +pass in on tun1000000 proto tcp from any to any port = ssh modulate state +pass in on tun1000000 proto tcp from any to any port = smtp modulate state +pass in on tun1000000 proto tcp from any to any port = domain modulate state +pass in on tun1000000 proto tcp from any to any port = auth modulate state Property changes on: head/sbin/pfctl/tests/files/pf0007.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0007.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0007.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0007.ok (revision 321030) @@ -0,0 +1,27 @@ +block drop out log on tun1000000 all +block drop in log on tun1000000 all +block return-rst out log on tun1000000 proto tcp all +block return-rst in log on tun1000000 proto tcp all +block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all +block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all +block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any +block drop in quick on tun1000000 inet from any to 255.255.255.255 +block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any +block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any +block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any +block drop in log quick on tun1000000 inet from 255.255.255.255 to any +pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state +pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state +pass out on tun1000000 proto udp all keep state +pass in on tun1000000 proto udp from any to any port = domain keep state +pass out on tun1000000 proto tcp all flags S/SA modulate state +pass in on tun1000000 proto tcp all flags S/SA modulate state +pass in on tun1000000 proto udp all keep state +pass in on tun1000000 proto icmp all keep state +pass in on tun1000000 proto udp all keep state +pass in on tun1000000 proto tcp all flags S/SA synproxy state +pass in on tun1000000 proto icmp all keep state +pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state +pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state Property changes on: head/sbin/pfctl/tests/files/pf0007.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0008.in =================================================================== --- head/sbin/pfctl/tests/files/pf0008.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0008.in (revision 321030) @@ -0,0 +1,2 @@ +extern = "{ ! 10.0.0.0/8, 10.1.2.3 }" +block out log on tun1000001 from $extern to any Property changes on: head/sbin/pfctl/tests/files/pf0008.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0008.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0008.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0008.ok (revision 321030) @@ -0,0 +1,3 @@ +extern = "{ ! 10.0.0.0/8, 10.1.2.3 }" +block drop out log on tun1000001 inet from ! 10.0.0.0/8 to any +block drop out log on tun1000001 inet from 10.1.2.3 to any Property changes on: head/sbin/pfctl/tests/files/pf0008.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0009.in =================================================================== --- head/sbin/pfctl/tests/files/pf0009.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0009.in (revision 321030) @@ -0,0 +1,3 @@ +interfaces = "{ enc0, tun1000000 }" + +block in on $interfaces all Property changes on: head/sbin/pfctl/tests/files/pf0009.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0009.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0009.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0009.ok (revision 321030) @@ -0,0 +1,3 @@ +interfaces = "{ enc0, tun1000000 }" +block drop in on enc0 all +block drop in on tun1000000 all Property changes on: head/sbin/pfctl/tests/files/pf0009.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0010.in =================================================================== --- head/sbin/pfctl/tests/files/pf0010.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0010.in (revision 321030) @@ -0,0 +1,31 @@ +# return variants +pass in inet proto icmp all +pass in inet6 proto icmp6 all +block in inet proto icmp all +block in inet6 proto icmp6 all +block return-rst in inet proto tcp all +block return-rst in inet6 proto tcp all +block return-rst(ttl 10) in inet proto tcp all +block return-rst(ttl 10) in inet6 proto tcp all +block return-icmp in inet proto icmp all +block return-icmp(0) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(5) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(10) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(15) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp6 in inet6 proto icmp6 all +block return-icmp6(0) in inet6 proto icmp6 all +block return-icmp6(noroute-unr) in inet6 proto icmp6 all +block return-icmp6(1) in inet6 proto icmp6 all +block return-icmp6(admin-unr) in inet6 proto icmp6 all +block return-icmp6(2) in inet6 proto icmp6 all +block return-icmp6(notnbr-unr) in inet6 proto icmp6 all +block return-icmp6(3) in inet6 proto icmp6 all +block return-icmp6(addr-unr) in inet6 proto icmp6 all +block return-icmp6(4) in inet6 proto icmp6 all +block return-icmp6(port-unr) in inet6 proto icmp6 all +block return-icmp(5, 1) in all +block return-icmp(srcfail, admin-unr) in all Property changes on: head/sbin/pfctl/tests/files/pf0010.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0010.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0010.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0010.ok (revision 321030) @@ -0,0 +1,30 @@ +pass in inet proto icmp all keep state +pass in inet6 proto ipv6-icmp all keep state +block drop in inet proto icmp all +block drop in inet6 proto ipv6-icmp all +block return-rst in inet proto tcp all +block return-rst in inet6 proto tcp all +block return-rst(ttl 10) in inet proto tcp all +block return-rst(ttl 10) in inet6 proto tcp all +block return-icmp(port-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(net-unr) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(srcfail) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(host-prohib) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp(cutoff-preced) in inet proto icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(noroute-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(admin-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(notnbr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(addr-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp6(port-unr) in inet6 proto ipv6-icmp all +block return-icmp(srcfail, admin-unr) in all +block return-icmp(srcfail, admin-unr) in all Property changes on: head/sbin/pfctl/tests/files/pf0010.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0011.in =================================================================== --- head/sbin/pfctl/tests/files/pf0011.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0011.in (revision 321030) @@ -0,0 +1,18 @@ +pass in inet proto icmp all icmp-type 0 +pass in inet proto icmp all icmp-type 0 code 0 +pass in inet proto icmp all icmp-type 1 +pass in inet proto icmp all icmp-type 1 code 1 +pass in inet6 proto ipv6-icmp all icmp6-type 0 +pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +pass in inet6 proto ipv6-icmp all icmp6-type 1 +pass in inet6 proto ipv6-icmp all icmp6-type 1 code 1 +block in inet proto icmp all icmp-type 0 +block in inet proto icmp all icmp-type 0 code 0 +block in inet proto icmp all icmp-type 1 +block in inet proto icmp all icmp-type 1 code 1 +block in inet6 proto ipv6-icmp all icmp6-type 0 +block in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +block in inet6 proto ipv6-icmp all icmp6-type 1 +block in inet6 proto ipv6-icmp all icmp6-type 1 code 1 +pass in inet proto icmp all icmp-type unreach code needfrag +pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb Property changes on: head/sbin/pfctl/tests/files/pf0011.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0011.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0011.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0011.ok (revision 321030) @@ -0,0 +1,18 @@ +pass in inet proto icmp all icmp-type echorep keep state +pass in inet proto icmp all icmp-type echorep code 0 keep state +pass in inet proto icmp all icmp-type 1 keep state +pass in inet proto icmp all icmp-type 1 code 1 keep state +pass in inet6 proto ipv6-icmp all icmp6-type 0 keep state +pass in inet6 proto ipv6-icmp all icmp6-type 0 code 0 keep state +pass in inet6 proto ipv6-icmp all icmp6-type unreach keep state +pass in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr keep state +block drop in inet proto icmp all icmp-type echorep +block drop in inet proto icmp all icmp-type echorep code 0 +block drop in inet proto icmp all icmp-type 1 +block drop in inet proto icmp all icmp-type 1 code 1 +block drop in inet6 proto ipv6-icmp all icmp6-type 0 +block drop in inet6 proto ipv6-icmp all icmp6-type 0 code 0 +block drop in inet6 proto ipv6-icmp all icmp6-type unreach +block drop in inet6 proto ipv6-icmp all icmp6-type unreach code admin-unr +pass in inet proto icmp all icmp-type unreach code needfrag keep state +pass in inet6 proto ipv6-icmp all icmp6-type timex code reassemb keep state Property changes on: head/sbin/pfctl/tests/files/pf0011.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0012.in =================================================================== --- head/sbin/pfctl/tests/files/pf0012.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0012.in (revision 321030) @@ -0,0 +1,5 @@ +pass in from 127.0.0.1 to 127.0.0.1/8 no state +pass in from 127.0.0.1/16 to 127.0.0.1/24 no state +pass in from 127.0.0.1/25 to ! 127.0.0.1/26 +pass in inet from ! localhost to localhost/16 +pass in inet from ! lo0 to ! lo0/8 Property changes on: head/sbin/pfctl/tests/files/pf0012.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0012.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0012.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0012.ok (revision 321030) @@ -0,0 +1,5 @@ +pass in inet from 127.0.0.1 to 127.0.0.0/8 no state +pass in inet from 127.0.0.0/16 to 127.0.0.0/24 no state +pass in inet from 127.0.0.0/25 to ! 127.0.0.0/26 flags S/SA keep state +pass in inet from ! 127.0.0.1 to 127.0.0.0/16 flags S/SA keep state +pass in inet from ! 127.0.0.1 to ! 127.0.0.0/8 flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0012.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0013.in =================================================================== --- head/sbin/pfctl/tests/files/pf0013.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0013.in (revision 321030) @@ -0,0 +1,22 @@ +pass in quick on enc0 from any to any +pass in quick on enc0 inet from any to any +pass in quick on enc0 inet6 from any to any + +#pass out quick on tun1000000 inet from any to any route-to tun1000001 +#pass out quick on tun1000000 from any to 192.168.1.1 route-to tun1000001 +#pass out quick on tun1000000 from any to fec0::1 route-to tun1000001 + +#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 192.168.1.1) +#pass in on tun1000000 proto tcp from any to any port = 21 dup-to (tun1000001 fec0::1) + +#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 route-to tun1000001 +#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 route-to tun1000001 + +#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 192.168.1.1) +#pass in on tun1000000 proto tcp from any to any port = 21 reply-to (tun1000001 fec0::1) + +#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 reply-to tun1000001 +#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 reply-to tun1000001 + +#pass in quick on tun1000000 from 192.168.1.1/32 to 10.1.1.1/32 dup-to (tun1000001 192.168.1.100) +#pass in quick on tun1000000 from fec0::1/64 to fec1::2/128 dup-to (tun1000001 fec1::2) Property changes on: head/sbin/pfctl/tests/files/pf0013.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0013.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0013.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0013.ok (revision 321030) @@ -0,0 +1,3 @@ +pass in quick on enc0 all flags S/SA keep state +pass in quick on enc0 inet all flags S/SA keep state +pass in quick on enc0 inet6 all flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0013.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0014.in =================================================================== --- head/sbin/pfctl/tests/files/pf0014.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0014.in (revision 321030) @@ -0,0 +1,6 @@ +pass in quick on lo0 from fe80::1%lo0 to fe80::1%lo0 +pass in quick from fe80::1%lo0 to fe80::1%lo0 +pass in quick from fe80::1%lo0 to any +pass in quick from any to fe80::1%lo0 +pass in quick on lo0 from fe80::1%lo0 to any +pass in quick on lo0 from any to fe80::1%lo0 Property changes on: head/sbin/pfctl/tests/files/pf0014.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0014.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0014.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0014.ok (revision 321030) @@ -0,0 +1,6 @@ +pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state +pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state +pass in quick on lo0 inet6 from fe80::1 to any flags S/SA keep state +pass in quick on lo0 inet6 from any to fe80::1 flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0014.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0016.in =================================================================== --- head/sbin/pfctl/tests/files/pf0016.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0016.in (revision 321030) @@ -0,0 +1,5 @@ +# Test rule order processing: should fail unless nat -> filter +#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1 +#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22 +#match on lo0 from 192.168.1.1 to any binat-to 10.0.0.1 +pass in on lo1000000 from any to any no state Property changes on: head/sbin/pfctl/tests/files/pf0016.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0016.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0016.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0016.ok (revision 321030) @@ -0,0 +1 @@ +pass in on lo1000000 all no state Property changes on: head/sbin/pfctl/tests/files/pf0016.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0018.in =================================================================== --- head/sbin/pfctl/tests/files/pf0018.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0018.in (revision 321030) @@ -0,0 +1,19 @@ +# test nat + +TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }" +TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }" + +#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1 +#match out on lo0 proto tcp from 192.168.1.2 to any nat-to 10.0.0.2 +#match out on lo0 proto udp from 192.168.1.3 to any nat-to 10.0.0.3 +#match out on lo0 proto icmp from 192.168.1.4 to any nat-to 10.0.0.4 + +#match out on lo0 inet from $TEST_LIST1 to $TEST_LIST2 nat-to lo0 + +#match out on lo0 inet from 192.168.0.1/24 to any nat-to (lo0) + +#match out on lo0 from 192.168.1.8 to ! 172.17.0.0/16 nat-to 10.0.0.8 + +#match out on ! lo0 proto { udp, tcp } from any to any nat-to 10.0.0.8 static-port + +#match out on { lo0, tun1000000 } from any to any nat-to 10.0.0.8 Property changes on: head/sbin/pfctl/tests/files/pf0018.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0018.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0018.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0018.ok (revision 321030) @@ -0,0 +1,2 @@ +TEST_LIST1 = "{ 192.168.1.5, 192.168.1.6, 192.168.1.7 }" +TEST_LIST2 = "{ 172.6.1.1, 172.14.1.2/32, 172.16.2.0/24 }" Property changes on: head/sbin/pfctl/tests/files/pf0018.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0019.in =================================================================== --- head/sbin/pfctl/tests/files/pf0019.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0019.in (revision 321030) @@ -0,0 +1,9 @@ +EVIL = "lo0" +GOOD = "{ lo0, lo1000000 }" +GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }" +DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }" + +#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22 + +# Test list processing +#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021 Property changes on: head/sbin/pfctl/tests/files/pf0019.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0019.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0019.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0019.ok (revision 321030) @@ -0,0 +1,4 @@ +EVIL = "lo0" +GOOD = "{ lo0, lo1000000 }" +GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }" +DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }" Property changes on: head/sbin/pfctl/tests/files/pf0019.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0020.in =================================================================== --- head/sbin/pfctl/tests/files/pf0020.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0020.in (revision 321030) @@ -0,0 +1,9 @@ +# Test whether list expansion in NAT/RDR works correctly + +EVIL = "lo0" +GOOD = "{ lo0, lo1000000 }" +GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }" +DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }" + +#match out on $EVIL inet from $GOOD_NET to $DEST_NET nat-to $EVIL +#match in on $GOOD proto tcp from $GOOD_NET to $DEST_NET port 21 rdr-to 127.0.0.1 port 8021 Property changes on: head/sbin/pfctl/tests/files/pf0020.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0020.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0020.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0020.ok (revision 321030) @@ -0,0 +1,4 @@ +EVIL = "lo0" +GOOD = "{ lo0, lo1000000 }" +GOOD_NET = "{ 127.0.0.0/24, 10.0.1.0/24 }" +DEST_NET = "{ 1.2.3.4/25, 2.4.6.8/30 }" Property changes on: head/sbin/pfctl/tests/files/pf0020.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0022.in =================================================================== --- head/sbin/pfctl/tests/files/pf0022.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0022.in (revision 321030) @@ -0,0 +1,8 @@ +set optimization aggressive +set timeout { tcp.closing 6, tcp.opening 6 } +set timeout tcp.first 6 +set limit states 500 +set limit {states 1000,frags 1000} +set loginterface lo0 +set loginterface none +set hostid 1 Property changes on: head/sbin/pfctl/tests/files/pf0022.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0022.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0022.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0022.ok (revision 321030) @@ -0,0 +1,10 @@ +set optimization aggressive +set timeout tcp.closing 6 +set timeout tcp.opening 6 +set timeout tcp.first 6 +set limit states 500 +set limit states 1000 +set limit frags 1000 +set loginterface lo0 +set loginterface none +set hostid 0x00000001 Property changes on: head/sbin/pfctl/tests/files/pf0022.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0023.in =================================================================== --- head/sbin/pfctl/tests/files/pf0023.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0023.in (revision 321030) @@ -0,0 +1,2 @@ +#test negated interface matching +block in on ! lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0023.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0023.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0023.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0023.ok (revision 321030) @@ -0,0 +1 @@ +block drop in on ! lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0023.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0024.in =================================================================== --- head/sbin/pfctl/tests/files/pf0024.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0024.in (revision 321030) @@ -0,0 +1,8 @@ +#test variable concat +a="ssh" +b="ftp" +c=$a $b +d=$a $b $a $b +e=$a $b $b "test" $a $b + +pass in proto tcp from any to any port { $c } Property changes on: head/sbin/pfctl/tests/files/pf0024.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0024.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0024.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0024.ok (revision 321030) @@ -0,0 +1,7 @@ +a = "ssh" +b = "ftp" +c = "ssh ftp" +d = "ssh ftp ssh ftp" +e = "ssh ftp ftp test ssh ftp" +pass in proto tcp from any to any port = ssh flags S/SA keep state +pass in proto tcp from any to any port = ftp flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0024.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0025.in =================================================================== --- head/sbin/pfctl/tests/files/pf0025.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0025.in (revision 321030) @@ -0,0 +1,4 @@ +antispoof for lo0 +antispoof log quick for lo0 inet +antispoof for (lo0) +antispoof log quick for (lo0) inet Property changes on: head/sbin/pfctl/tests/files/pf0025.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0025.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0025.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0025.ok (revision 321030) @@ -0,0 +1,5 @@ +block drop in on ! lo0 inet6 from ::1 to any +block drop in on ! lo0 inet from 127.0.0.0/8 to any +block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any +block drop in on ! lo0 from (lo0:network) to any +block drop in log quick on ! lo0 inet from (lo0:network) to any Property changes on: head/sbin/pfctl/tests/files/pf0025.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0026.in =================================================================== --- head/sbin/pfctl/tests/files/pf0026.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0026.in (revision 321030) @@ -0,0 +1,2 @@ +block in on lo0 inet from ! (lo0) to any +block out on lo0 inet from any to ! (lo0) Property changes on: head/sbin/pfctl/tests/files/pf0026.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0026.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0026.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0026.ok (revision 321030) @@ -0,0 +1,2 @@ +block drop in on lo0 inet from ! (lo0) to any +block drop out on lo0 inet from any to ! (lo0) Property changes on: head/sbin/pfctl/tests/files/pf0026.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0028.in =================================================================== --- head/sbin/pfctl/tests/files/pf0028.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0028.in (revision 321030) @@ -0,0 +1,7 @@ +# test logging keywords, and log quick/quick log order +block in log (all) quick on lo0 all +block in quick log on lo0 all +block in quick log (all) on lo0 all +block in log quick on lo0 all +block in log on lo0 all +block in log (all) on lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0028.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0028.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0028.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0028.ok (revision 321030) @@ -0,0 +1,6 @@ +block drop in log (all) quick on lo0 all +block drop in log quick on lo0 all +block drop in log (all) quick on lo0 all +block drop in log quick on lo0 all +block drop in log on lo0 all +block drop in log (all) on lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0028.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0030.in =================================================================== --- head/sbin/pfctl/tests/files/pf0030.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0030.in (revision 321030) @@ -0,0 +1,7 @@ +#test line continuation + +block \ + in \ + on lo0 \ + from any \ + to any Property changes on: head/sbin/pfctl/tests/files/pf0030.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0030.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0030.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0030.ok (revision 321030) @@ -0,0 +1 @@ +block drop in on lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0030.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0031.in =================================================================== --- head/sbin/pfctl/tests/files/pf0031.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0031.in (revision 321030) @@ -0,0 +1,21 @@ +set block-policy drop +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block in on lo0 all +block in on lo0 inet all +block in on lo0 inet6 all +#set block-policy return +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block in on lo0 all +block in on lo0 inet all +block in on lo0 inet6 all + Property changes on: head/sbin/pfctl/tests/files/pf0031.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0031.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0031.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0031.ok (revision 321030) @@ -0,0 +1,19 @@ +set block-policy drop +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block return in on lo0 all +block return in on lo0 inet all +block return in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all +block drop in on lo0 all +block drop in on lo0 inet all +block drop in on lo0 inet6 all Property changes on: head/sbin/pfctl/tests/files/pf0031.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0032.in =================================================================== --- head/sbin/pfctl/tests/files/pf0032.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0032.in (revision 321030) @@ -0,0 +1,7 @@ +pass in from 10/8 to any +pass in from 10.1/8 to any +pass in from 192.168.37.29/25 to any +pass in from 192.168.37.29/24 to any +pass in from 192.168.37.29/16 to any +pass in from 192.168.37.29/8 to any + Property changes on: head/sbin/pfctl/tests/files/pf0032.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0032.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0032.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0032.ok (revision 321030) @@ -0,0 +1,6 @@ +pass in inet from 10.0.0.0/8 to any flags S/SA keep state +pass in inet from 10.0.0.0/8 to any flags S/SA keep state +pass in inet from 192.168.37.0/25 to any flags S/SA keep state +pass in inet from 192.168.37.0/24 to any flags S/SA keep state +pass in inet from 192.168.0.0/16 to any flags S/SA keep state +pass in inet from 192.0.0.0/8 to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0032.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0034.in =================================================================== --- head/sbin/pfctl/tests/files/pf0034.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0034.in (revision 321030) @@ -0,0 +1,5 @@ +#mixed af, probability +pass in from any to { 127.0.0.1, 2000::1 } +pass in probability 0.5 +pass in probability 50% +pass in inet6 proto tcp from ::1 probability 0.8% Property changes on: head/sbin/pfctl/tests/files/pf0034.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0034.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0034.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0034.ok (revision 321030) @@ -0,0 +1,5 @@ +pass in inet from any to 127.0.0.1 flags S/SA keep state +pass in inet6 from any to 2000::1 flags S/SA keep state +pass in all flags S/SA keep state probability 50% +pass in all flags S/SA keep state probability 50% +pass in inet6 proto tcp from ::1 to any flags S/SA keep state probability 0.8% Property changes on: head/sbin/pfctl/tests/files/pf0034.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0035.in =================================================================== --- head/sbin/pfctl/tests/files/pf0035.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0035.in (revision 321030) @@ -0,0 +1,5 @@ +#test matching on tos + +intf = "lo0" +pass out on $intf inet proto tcp from any to any port 22 tos 0x10 +pass out on $intf inet proto tcp from any to any port 22 tos 0x08 Property changes on: head/sbin/pfctl/tests/files/pf0035.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0035.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0035.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0035.ok (revision 321030) @@ -0,0 +1,3 @@ +intf = "lo0" +pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x10 keep state +pass out on lo0 inet proto tcp from any to any port = ssh flags S/SA tos 0x08 keep state Property changes on: head/sbin/pfctl/tests/files/pf0035.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0038.in =================================================================== --- head/sbin/pfctl/tests/files/pf0038.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0038.in (revision 321030) @@ -0,0 +1,5 @@ +# test + +pass in on tun1000000 proto tcp from any to any user bin +pass in on tun1000000 proto tcp from any to any group bin +pass in on tun1000000 proto tcp from any to any group wheel user root user bin Property changes on: head/sbin/pfctl/tests/files/pf0038.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0038.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0038.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0038.ok (revision 321030) @@ -0,0 +1,4 @@ +pass in on tun1000000 proto tcp all user = 3 flags S/SA keep state +pass in on tun1000000 proto tcp all group = 7 flags S/SA keep state +pass in on tun1000000 proto tcp all user = 3 group = 0 flags S/SA keep state +pass in on tun1000000 proto tcp all user = 0 group = 0 flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0038.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0039.in =================================================================== --- head/sbin/pfctl/tests/files/pf0039.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0039.in (revision 321030) @@ -0,0 +1,25 @@ +#test random ordered opts + +body1="pass in log quick on lo0 inet proto icmp all " +body2="pass in log quick on lo0 inet proto tcp all " +o_user="user root " +o_user2="user bin " +o_group="group wheel " +o_group2="group nobody " +o_flags="flags S/SA " +o_icmpspec="icmp-type 0 code 0 " +o_tos="tos 0x08 " +o_keep="keep state " +o_fragment="fragment " +o_allowopts="allow-opts " +o_label="label blah" +o_prio="set prio 2" + +$body2 $o_fragment $o_keep $o_label $o_tos +$body2 $o_user $o_prio $o_tos $o_keep $o_group $o_label $o_allowopts \ +$o_user2 $o_group2 +$body1 $o_icmpspec $o_keep $o_label $o_prio +$body2 $o_keep +$body2 $o_label $o_keep $o_prio $o_tos +$body1 $o_icmpspec $o_tos +$body2 $o_flags $o_allowopts Property changes on: head/sbin/pfctl/tests/files/pf0039.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0039.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0039.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0039.ok (revision 321030) @@ -0,0 +1,24 @@ +body1 = "pass in log quick on lo0 inet proto icmp all " +body2 = "pass in log quick on lo0 inet proto tcp all " +o_user = "user root " +o_user2 = "user bin " +o_group = "group wheel " +o_group2 = "group nobody " +o_flags = "flags S/SA " +o_icmpspec = "icmp-type 0 code 0 " +o_tos = "tos 0x08 " +o_keep = "keep state " +o_fragment = "fragment " +o_allowopts = "allow-opts " +o_label = "label blah" +o_prio = "set prio 2" +pass in log quick on lo0 inet proto tcp all tos 0x08 keep state fragment label "blah" +pass in log quick on lo0 inet proto tcp all user = 3 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah" +pass in log quick on lo0 inet proto tcp all user = 3 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah" +pass in log quick on lo0 inet proto tcp all user = 0 group = 65534 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah" +pass in log quick on lo0 inet proto tcp all user = 0 group = 0 flags S/SA tos 0x08 set ( prio 2 ) keep state allow-opts label "blah" +pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 set ( prio 2 ) keep state label "blah" +pass in log quick on lo0 inet proto tcp all flags S/SA keep state +pass in log quick on lo0 inet proto tcp all flags S/SA tos 0x08 set ( prio 2 ) keep state label "blah" +pass in log quick on lo0 inet proto icmp all icmp-type echorep code 0 tos 0x08 keep state +pass in log quick on lo0 inet proto tcp all flags S/SA keep state allow-opts Property changes on: head/sbin/pfctl/tests/files/pf0039.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0040.in =================================================================== --- head/sbin/pfctl/tests/files/pf0040.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0040.in (revision 321030) @@ -0,0 +1,20 @@ +block +block return +block return-rst proto tcp +pass +pass in no state +pass out no state +pass all no state +block in all +block out all +block from any to any +pass in from any to any +pass out from any to any +block on lo0 +pass on lo0 all +block on lo0 from any to any +pass proto tcp flags S/SA +pass proto udp keep state +pass in proto udp all keep state +pass out proto udp from any to any keep state +pass out on lo0 proto tcp from any to any port 25 keep state Property changes on: head/sbin/pfctl/tests/files/pf0040.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0040.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0040.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0040.ok (revision 321030) @@ -0,0 +1,20 @@ +block drop all +block return all +block return-rst proto tcp all +pass all flags S/SA keep state +pass in all no state +pass out all no state +pass all no state +block drop in all +block drop out all +block drop all +pass in all flags S/SA keep state +pass out all flags S/SA keep state +block drop on lo0 all +pass on lo0 all flags S/SA keep state +block drop on lo0 all +pass proto tcp all flags S/SA keep state +pass proto udp all keep state +pass in proto udp all keep state +pass out proto udp all keep state +pass out on lo0 proto tcp from any to any port = smtp flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0040.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0041.in =================================================================== --- head/sbin/pfctl/tests/files/pf0041.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0041.in (revision 321030) @@ -0,0 +1,12 @@ +anchor foo +anchor bar all +anchor bar from any to any +anchor foo inet +anchor foo inet6 +anchor foo inet all +anchor foo proto tcp +anchor foo inet proto tcp from 10.1.2.3 port smtp to 10.2.3.4 port ssh +anchor foobar inet6 proto udp from ::1 port 1 to ::1 port 2 +anchor filteropt out proto tcp to any port 22 user root +anchor filteropt in proto tcp to (self) port 22 group sshd +anchor filteropt out inet proto icmp all icmp-type echoreq Property changes on: head/sbin/pfctl/tests/files/pf0041.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0041.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0041.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0041.ok (revision 321030) @@ -0,0 +1,12 @@ +anchor "foo" all +anchor "bar" all +anchor "bar" all +anchor "foo" inet all +anchor "foo" inet6 all +anchor "foo" inet all +anchor "foo" proto tcp all +anchor "foo" inet proto tcp from 10.1.2.3 port = smtp to 10.2.3.4 port = ssh +anchor "foobar" inet6 proto udp from ::1 port = tcpmux to ::1 port = compressnet +anchor "filteropt" out proto tcp from any to any port = ssh user = 0 +anchor "filteropt" in proto tcp from any to (self) port = ssh group = 22 +anchor "filteropt" out inet proto icmp all icmp-type echoreq Property changes on: head/sbin/pfctl/tests/files/pf0041.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0047.in =================================================================== --- head/sbin/pfctl/tests/files/pf0047.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0047.in (revision 321030) @@ -0,0 +1,67 @@ +pass in on lo0 all label "" + +pass in all label "$if" +pass in on lo0 all label "$if" +pass in on lo0 all label "$if$if" + +pass in on lo0 all label "$srcaddr" +pass in on lo0 from 0/0 to any label "$srcaddr" +pass in on lo0 from 127.0.0.1 to any label "$srcaddr" +pass in on lo0 from 127.0.0.1 to any label "$srcaddr$srcaddr" +pass in on lo0 from 127.0.0.1 to any label ":$srcaddr:$srcaddr:" +pass in on lo0 from 127.0.0.1/8 to any label "$srcaddr" +pass in on lo0 from 127.0.0.1/16 to any label "$srcaddr$srcaddr" +pass in on lo0 from 127.0.0.1/31 to any label ":$srcaddr:$srcaddr:" +pass in on lo0 inet6 from fe80::1 to any label "$srcaddr" +pass in on lo0 inet6 from fe80::1 to any label "$srcaddr$srcaddr" +pass in on lo0 inet6 from fe80::1 to any label ":$srcaddr:$srcaddr:" +pass in on lo0 inet6 from lo0/8 to any label "$srcaddr" +pass in on lo0 inet6 from lo0/64 to any label "$srcaddr$srcaddr" +pass in on lo0 inet6 from lo0/127 to any label ":$srcaddr:$srcaddr:" + +pass in on lo0 all label "!$dstaddr!" +pass in on lo0 inet from any to (lo0) label "$dstaddr" +pass in on lo0 inet from any to (lo0) label "$dstaddr$dstaddr" +pass in on lo0 inet from any to (lo0) label " $dstaddr $dstaddr " +pass in on lo0 from any to ! 127.0.0.1/8 label "$dstaddr" +pass in on lo0 from any to ! 127.0.0.1/16 label "$dstaddr$dstaddr" +pass in on lo0 from any to ! 127.0.0.1/31 label " $dstaddr $dstaddr " +pass in on lo0 inet6 from any to ! (lo0) label "$dstaddr" +pass in on lo0 inet6 from any to ! (lo0) label "$dstaddr$dstaddr" +pass in on lo0 inet6 from any to ! (lo0) label " $dstaddr $dstaddr " +pass in on lo0 inet6 from any to ! ::1/8 label "$dstaddr" +pass in on lo0 inet6 from any to ! ::1/64 label "$dstaddr$dstaddr" +pass in on lo0 inet6 from any to ! ::1/127 label " $dstaddr $dstaddr " + +pass in on lo0 all label "x$srcportx" +pass in on lo0 proto tcp from any port = 28 to any label "$srcport" +pass in on lo0 proto tcp from any port 28 >< 29 to any label "$srcport" +pass in on lo0 proto tcp from any port 28 <> 29 to any label "$srcport" +pass in on lo0 proto tcp from any port 28:29 to any label "$srcport" +pass in on lo0 proto tcp from any port != 28 to any label "$srcport" +pass in on lo0 proto tcp from any port < 28 to any label "$srcport" +pass in on lo0 proto tcp from any port <= 28 to any label "$srcport" +pass in on lo0 proto tcp from any port > 28 to any label "$srcport" +pass in on lo0 proto tcp from any port >= 28 to any label "$srcport" +pass in on lo0 proto tcp from any port = 28 to any label "$srcport$srcport" +pass in on lo0 proto tcp from any port = 28 to any label "$$srcport$$srcport$" + +pass in on lo0 all label "$dstport" +pass in on lo0 proto udp from any to any port = 29 label "$dstport" +pass in on lo0 proto udp from any to any port != 29 label "$dstport$dstport" +pass in on lo0 proto udp from any to any port > 29 label "x$dstportx$dstportx" + +pass in on lo0 all label "$proto" +pass in on lo0 proto esp all label "$proto" +pass in on lo0 proto esp all label "$proto$proto" +pass in on lo0 proto esp all label "-$proto-$proto-" +pass in on lo0 proto 166 all label "$proto" +pass in on lo0 proto 166 all label "$proto$proto" +pass in on lo0 proto 166 all label "_$proto_$proto_" + +pass in on lo0 all label "$nr" +pass in on lo0 all label "$nr$nr" +pass in on lo0 all label "%$nr%$nr%" + +pass in on lo0 proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = 44 \ + label "if $if proto $proto $srcaddr $srcport $dstaddr $dstport" Property changes on: head/sbin/pfctl/tests/files/pf0047.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0047.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0047.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0047.ok (revision 321030) @@ -0,0 +1,61 @@ +pass in on lo0 all flags S/SA keep state +pass in all flags S/SA keep state label "any" +pass in on lo0 all flags S/SA keep state label "lo0" +pass in on lo0 all flags S/SA keep state label "lo0lo0" +pass in on lo0 all flags S/SA keep state label "any" +pass in on lo0 inet all flags S/SA keep state label "any" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label "127.0.0.1127.0.0.1" +pass in on lo0 inet from 127.0.0.1 to any flags S/SA keep state label ":127.0.0.1:127.0.0.1:" +pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state label "127.0.0.0/8" +pass in on lo0 inet from 127.0.0.0/16 to any flags S/SA keep state label "127.0.0.0/16127.0.0.0/16" +pass in on lo0 inet from 127.0.0.0/31 to any flags S/SA keep state label ":127.0.0.0/31:127.0.0.0/31:" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label "fe80::1fe80::1" +pass in on lo0 inet6 from fe80::1 to any flags S/SA keep state label ":fe80::1:fe80::1:" +pass in on lo0 inet6 from ::/8 to any flags S/SA keep state label "::/8" +pass in on lo0 inet6 from fe00::/8 to any flags S/SA keep state label "fe00::/8" +pass in on lo0 inet6 from ::/64 to any flags S/SA keep state label "::/64::/64" +pass in on lo0 inet6 from fe80::/64 to any flags S/SA keep state label "fe80::/64fe80::/64" +pass in on lo0 inet6 from ::/127 to any flags S/SA keep state label ":::/127:::/127:" +pass in on lo0 inet6 from fe80::/127 to any flags S/SA keep state label ":fe80::/127:fe80::/127:" +pass in on lo0 all flags S/SA keep state label "!any!" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label "(lo0)(lo0)" +pass in on lo0 inet from any to (lo0) flags S/SA keep state label " (lo0) (lo0) " +pass in on lo0 inet from any to ! 127.0.0.0/8 flags S/SA keep state label "! 127.0.0.0/8" +pass in on lo0 inet from any to ! 127.0.0.0/16 flags S/SA keep state label "! 127.0.0.0/16! 127.0.0.0/16" +pass in on lo0 inet from any to ! 127.0.0.0/31 flags S/SA keep state label " ! 127.0.0.0/31 ! 127.0.0.0/31 " +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label "! (lo0)! (lo0)" +pass in on lo0 inet6 from any to ! (lo0) flags S/SA keep state label " ! (lo0) ! (lo0) " +pass in on lo0 inet6 from any to ! ::/8 flags S/SA keep state label "! ::/8" +pass in on lo0 inet6 from any to ! ::/64 flags S/SA keep state label "! ::/64! ::/64" +pass in on lo0 inet6 from any to ! ::/127 flags S/SA keep state label " ! ::/127 ! ::/127 " +pass in on lo0 all flags S/SA keep state label "xx" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "28" +pass in on lo0 proto tcp from any port 28 >< 29 to any flags S/SA keep state label "28><29" +pass in on lo0 proto tcp from any port 28 <> 29 to any flags S/SA keep state label "28<>29" +pass in on lo0 proto tcp from any port 28:29 to any flags S/SA keep state +pass in on lo0 proto tcp from any port != 28 to any flags S/SA keep state label "!=28" +pass in on lo0 proto tcp from any port < 28 to any flags S/SA keep state label "<28" +pass in on lo0 proto tcp from any port <= 28 to any flags S/SA keep state label "<=28" +pass in on lo0 proto tcp from any port > 28 to any flags S/SA keep state label ">28" +pass in on lo0 proto tcp from any port >= 28 to any flags S/SA keep state label ">=28" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "2828" +pass in on lo0 proto tcp from any port = 28 to any flags S/SA keep state label "$28$28$" +pass in on lo0 all flags S/SA keep state +pass in on lo0 proto udp from any to any port = msg-icp keep state label "29" +pass in on lo0 proto udp from any to any port != msg-icp keep state label "!=29!=29" +pass in on lo0 proto udp from any to any port > 29 keep state label "x>29x>29x" +pass in on lo0 all flags S/SA keep state label "ip" +pass in on lo0 proto esp all keep state label "esp" +pass in on lo0 proto esp all keep state label "espesp" +pass in on lo0 proto esp all keep state label "-esp-esp-" +pass in on lo0 proto 166 all keep state label "166" +pass in on lo0 proto 166 all keep state label "166166" +pass in on lo0 proto 166 all keep state label "_166_166_" +pass in on lo0 all flags S/SA keep state label "57" +pass in on lo0 all flags S/SA keep state label "5858" +pass in on lo0 all flags S/SA keep state label "%59%59%" +pass in on lo0 inet proto tcp from 127.0.0.1 port = 30 to 127.0.0.2 port = mpm-flags flags S/SA keep state label "if lo0 proto tcp 127.0.0.1 30 127.0.0.2 44" Property changes on: head/sbin/pfctl/tests/files/pf0047.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0048.in =================================================================== --- head/sbin/pfctl/tests/files/pf0048.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0048.in (revision 321030) @@ -0,0 +1,13 @@ +table < regress > { 1.2.3.4 !5.6.7.8 10/8 lo0 } +table const { ::1 fe80::/64 } +table { 1.2.3.4 !5.6.7.8 } { ::1 ::2 ::3 } file "/dev/null" const { 4.3.2.1 } +#match out on lo0 inet from < regress.1> to nat-to lo0:0 +#match out on !lo0 inet from ! to nat-to lo0:0 +#match in on lo0 inet6 from to rdr-to lo0:0 +#match in on !lo0 inet6 from !< regress.1 > to rdr-to lo0:0 +#match in from { ! } to any +#match out from any to { !, } +pass in from to any +pass out from any to +pass in from { } to any +pass out from any to { !, ! } Property changes on: head/sbin/pfctl/tests/files/pf0048.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0048.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0048.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0048.ok (revision 321030) @@ -0,0 +1,9 @@ +table { 1.2.3.4 !5.6.7.8 10.0.0.0/8 ::1 fe80::1 127.0.0.1 } +table const { ::1 fe80::/64 } +table const { 1.2.3.4 !5.6.7.8 ::1 ::2 ::3 } file "/dev/null" { 4.3.2.1 } +pass in from to any flags S/SA keep state +pass out from any to flags S/SA keep state +pass in from to any flags S/SA keep state +pass in from to any flags S/SA keep state +pass out from any to ! flags S/SA keep state +pass out from any to ! flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0048.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0049.in =================================================================== --- head/sbin/pfctl/tests/files/pf0049.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0049.in (revision 321030) @@ -0,0 +1,7 @@ +#test :broadcast and :network modifiers +pass in on lo0 from lo0:network to any keep state +pass out on lo0 inet from lo0:network to any +pass in on lo0 inet6 from lo0:network to any keep state + +#broadcast on lo0 doesn't make sense at all! +#block in on lo0 from any to lo0:broadcast Property changes on: head/sbin/pfctl/tests/files/pf0049.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0049.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0049.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0049.ok (revision 321030) @@ -0,0 +1,4 @@ +pass in on lo0 inet6 from ::1 to any flags S/SA keep state +pass in on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state +pass out on lo0 inet from 127.0.0.0/8 to any flags S/SA keep state +pass in on lo0 inet6 from ::1 to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0049.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0050.in =================================================================== --- head/sbin/pfctl/tests/files/pf0050.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0050.in (revision 321030) @@ -0,0 +1,4 @@ +# double macro set +extif="wi0" +extif="lo0" +block in on $extif Property changes on: head/sbin/pfctl/tests/files/pf0050.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0050.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0050.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0050.ok (revision 321030) @@ -0,0 +1,3 @@ +extif = "wi0" +extif = "lo0" +block drop in on lo0 all Property changes on: head/sbin/pfctl/tests/files/pf0050.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0052.in =================================================================== --- head/sbin/pfctl/tests/files/pf0052.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0052.in (revision 321030) @@ -0,0 +1,7 @@ +# test setting all optimizations to avoid future keyword clashes + +set optimization normal +set optimization satellite +set optimization high-latency +set optimization conservative +set optimization aggressive Property changes on: head/sbin/pfctl/tests/files/pf0052.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0052.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0052.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0052.ok (revision 321030) @@ -0,0 +1,5 @@ +set optimization normal +set optimization satellite +set optimization high-latency +set optimization conservative +set optimization aggressive Property changes on: head/sbin/pfctl/tests/files/pf0052.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0053.in =================================================================== --- head/sbin/pfctl/tests/files/pf0053.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0053.in (revision 321030) @@ -0,0 +1,4 @@ +pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \ +"$nr:$if:$proto:$srcaddr:$srcport:$dstaddr:$dstport" +pass in on lo0 proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \ +"$nr:$if:$proto:$srcaddr:$srcport:$dstaddr:$dstport" Property changes on: head/sbin/pfctl/tests/files/pf0053.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0053.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0053.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0053.ok (revision 321030) @@ -0,0 +1,4 @@ +pass in inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "0:any:tcp:1.2.3.4::any:" +pass in inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "1:any:tcp:1.2.3.5::any:" +pass in on lo0 inet proto tcp from 1.2.3.4 to any flags S/SA keep state label "2:lo0:tcp:1.2.3.4::any:" +pass in on lo0 inet proto tcp from 1.2.3.5 to any flags S/SA keep state label "3:lo0:tcp:1.2.3.5::any:" Property changes on: head/sbin/pfctl/tests/files/pf0053.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0055.in =================================================================== --- head/sbin/pfctl/tests/files/pf0055.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0055.in (revision 321030) @@ -0,0 +1,18 @@ +set timeout { interval 43, frag 23 } +set timeout { tcp.first 423, tcp.opening 123, tcp.established 43758 } +set timeout { tcp.closing 744, tcp.finwait 25, tcp.closed 38 } +set timeout { udp.first 356, udp.single 73, udp.multiple 34 } +set timeout { icmp.first 464, icmp.error 34 } +set timeout { other.first 455, other.single 54, other.multiple 324 } +set timeout { src.track 3600 } +set limit { states 4522, frags 43556 } +set loginterface none +set loginterface lo0 +set hostid 1 +set optimization normal +set block-policy drop + +set limit states 43254 +set limit frags 34557 +set timeout interval 344 +set timeout frag 213 Property changes on: head/sbin/pfctl/tests/files/pf0055.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0055.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0055.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0055.ok (revision 321030) @@ -0,0 +1,28 @@ +set timeout interval 43 +set timeout frag 23 +set timeout tcp.first 423 +set timeout tcp.opening 123 +set timeout tcp.established 43758 +set timeout tcp.closing 744 +set timeout tcp.finwait 25 +set timeout tcp.closed 38 +set timeout udp.first 356 +set timeout udp.single 73 +set timeout udp.multiple 34 +set timeout icmp.first 464 +set timeout icmp.error 34 +set timeout other.first 455 +set timeout other.single 54 +set timeout other.multiple 324 +set timeout src.track 3600 +set limit states 4522 +set limit frags 43556 +set loginterface none +set loginterface lo0 +set hostid 0x00000001 +set optimization normal +set block-policy drop +set limit states 43254 +set limit frags 34557 +set timeout interval 344 +set timeout frag 213 Property changes on: head/sbin/pfctl/tests/files/pf0055.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0056.in =================================================================== --- head/sbin/pfctl/tests/files/pf0056.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0056.in (revision 321030) @@ -0,0 +1,2 @@ +pass in proto tcp from any to any port www keep state (tcp.established 60) +pass in proto tcp from any to any port www keep state (max 10, no-sync, tcp.first 2) Property changes on: head/sbin/pfctl/tests/files/pf0056.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0056.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0056.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0056.ok (revision 321030) @@ -0,0 +1,2 @@ +pass in proto tcp from any to any port = http flags S/SA keep state (tcp.established 60) +pass in proto tcp from any to any port = http flags S/SA keep state (max 10, no-sync, tcp.first 2, adaptive.start 6, adaptive.end 12) Property changes on: head/sbin/pfctl/tests/files/pf0056.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0057.in =================================================================== --- head/sbin/pfctl/tests/files/pf0057.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0057.in (revision 321030) @@ -0,0 +1,4 @@ +a="10.0.0.1" +b="x" +b="y" +pass in from $a Property changes on: head/sbin/pfctl/tests/files/pf0057.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0057.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0057.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0057.ok (revision 321030) @@ -0,0 +1,4 @@ +a = "10.0.0.1" +b = "x" +b = "y" +pass in inet from 10.0.0.1 to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0057.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0060.in =================================================================== --- head/sbin/pfctl/tests/files/pf0060.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0060.in (revision 321030) @@ -0,0 +1,11 @@ +# netmask handling w/ multicast + +pass from 224.4.5.4/32 +pass from 224.4.5.4/16 +pass from 224.4.5.4/26 +pass from 224.4.5.65/26 +pass from 224.4.5.134/26 +pass from 224.4.5.199/26 +pass from 224.4.5.4 + + Property changes on: head/sbin/pfctl/tests/files/pf0060.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0060.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0060.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0060.ok (revision 321030) @@ -0,0 +1,7 @@ +pass inet from 224.4.5.4 to any flags S/SA keep state +pass inet from 224.4.0.0/16 to any flags S/SA keep state +pass inet from 224.4.5.0/26 to any flags S/SA keep state +pass inet from 224.4.5.64/26 to any flags S/SA keep state +pass inet from 224.4.5.128/26 to any flags S/SA keep state +pass inet from 224.4.5.192/26 to any flags S/SA keep state +pass inet from 224.4.5.4 to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0060.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0061.in =================================================================== --- head/sbin/pfctl/tests/files/pf0061.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0061.in (revision 321030) @@ -0,0 +1,4 @@ +# dynaddr with netmask + +pass inet to (lo0)/24 + Property changes on: head/sbin/pfctl/tests/files/pf0061.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0061.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0061.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0061.ok (revision 321030) @@ -0,0 +1 @@ +pass inet from any to (lo0)/24 flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0061.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0065.in =================================================================== --- head/sbin/pfctl/tests/files/pf0065.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0065.in (revision 321030) @@ -0,0 +1,2 @@ +antispoof for lo0 label "antispoof-lo0" +antispoof log quick for lo0 inet label "antispoof-lo0-2" Property changes on: head/sbin/pfctl/tests/files/pf0065.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0065.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0065.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0065.ok (revision 321030) @@ -0,0 +1,3 @@ +block drop in on ! lo0 inet6 from ::1 to any label "antispoof-lo0" +block drop in on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0" +block drop in log quick on ! lo0 inet from 127.0.0.0/8 to any label "antispoof-lo0-2" Property changes on: head/sbin/pfctl/tests/files/pf0065.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0067.in =================================================================== --- head/sbin/pfctl/tests/files/pf0067.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0067.in (revision 321030) @@ -0,0 +1,3 @@ +pass in quick on tun1000000 keep state tag regress +pass out quick on lo0 keep state tagged regress + Property changes on: head/sbin/pfctl/tests/files/pf0067.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0067.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0067.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0067.ok (revision 321030) @@ -0,0 +1,2 @@ +pass in quick on tun1000000 all flags S/SA keep state tag regress +pass out quick on lo0 all flags S/SA keep state tagged regress Property changes on: head/sbin/pfctl/tests/files/pf0067.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0069.in =================================================================== --- head/sbin/pfctl/tests/files/pf0069.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0069.in (revision 321030) @@ -0,0 +1,3 @@ +#match out on lo0 inet all tag regress nat-to lo0 +pass out quick on lo0 keep state tagged regress + Property changes on: head/sbin/pfctl/tests/files/pf0069.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0069.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0069.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0069.ok (revision 321030) @@ -0,0 +1 @@ +pass out quick on lo0 all flags S/SA keep state tagged regress Property changes on: head/sbin/pfctl/tests/files/pf0069.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0070.in =================================================================== --- head/sbin/pfctl/tests/files/pf0070.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0070.in (revision 321030) @@ -0,0 +1,3 @@ +#match out on lo0 from 10.0.0.0/8 to any nat-to lo0 +block out on lo0 tagged regress + Property changes on: head/sbin/pfctl/tests/files/pf0070.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0070.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0070.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0070.ok (revision 321030) @@ -0,0 +1 @@ +block drop out on lo0 all tagged regress Property changes on: head/sbin/pfctl/tests/files/pf0070.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0071.in =================================================================== --- head/sbin/pfctl/tests/files/pf0071.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0071.in (revision 321030) @@ -0,0 +1,3 @@ +#match in on lo0 proto tcp from 10.0.0.0/8 to port 80 rdr-to lo0 +block out on lo0 tagged regress + Property changes on: head/sbin/pfctl/tests/files/pf0071.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0071.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0071.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0071.ok (revision 321030) @@ -0,0 +1 @@ +block drop out on lo0 all tagged regress Property changes on: head/sbin/pfctl/tests/files/pf0071.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0072.in =================================================================== --- head/sbin/pfctl/tests/files/pf0072.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0072.in (revision 321030) @@ -0,0 +1,4 @@ +# test binat tagging +#match on lo0 from 192.168.1.1 to any tag regress binat-to 10.0.0.1 +block out on lo0 tagged regress + Property changes on: head/sbin/pfctl/tests/files/pf0072.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0072.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0072.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0072.ok (revision 321030) @@ -0,0 +1 @@ +block drop out on lo0 all tagged regress Property changes on: head/sbin/pfctl/tests/files/pf0072.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0074.in =================================================================== --- head/sbin/pfctl/tests/files/pf0074.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0074.in (revision 321030) @@ -0,0 +1 @@ +pass in proto tcp synproxy state Property changes on: head/sbin/pfctl/tests/files/pf0074.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0074.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0074.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0074.ok (revision 321030) @@ -0,0 +1 @@ +pass in proto tcp all flags S/SA synproxy state Property changes on: head/sbin/pfctl/tests/files/pf0074.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0075.in =================================================================== --- head/sbin/pfctl/tests/files/pf0075.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0075.in (revision 321030) @@ -0,0 +1,3 @@ +block in on lo0 proto tcp from 192.168.0.0/24 to port 22 tag ssh +block in quick on lo0 ! tagged ssh + \ No newline at end of file Property changes on: head/sbin/pfctl/tests/files/pf0075.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0075.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0075.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0075.ok (revision 321030) @@ -0,0 +1,2 @@ +block drop in on lo0 inet proto tcp from 192.168.0.0/24 to any port = ssh tag ssh +block drop in quick on lo0 all ! tagged ssh Property changes on: head/sbin/pfctl/tests/files/pf0075.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0077.in =================================================================== --- head/sbin/pfctl/tests/files/pf0077.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0077.in (revision 321030) @@ -0,0 +1,5 @@ +# dynaddr with netmask. I never want to see this again: +# $ echo "pass inet from (le0)/8" | pfctl -nvf - +# pass inet from (l)/8 to any + +pass inet from (lo0)/8 Property changes on: head/sbin/pfctl/tests/files/pf0077.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0077.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0077.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0077.ok (revision 321030) @@ -0,0 +1 @@ +pass inet from (lo0)/8 to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0077.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0078.in =================================================================== --- head/sbin/pfctl/tests/files/pf0078.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0078.in (revision 321030) @@ -0,0 +1,2 @@ +pass in from 10.0.0.1 to label "$srcaddr:$dstaddr" + Property changes on: head/sbin/pfctl/tests/files/pf0078.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0078.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0078.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0078.ok (revision 321030) @@ -0,0 +1 @@ +pass in inet from 10.0.0.1 to flags S/SA keep state label "10.0.0.1:" Property changes on: head/sbin/pfctl/tests/files/pf0078.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0079.in =================================================================== --- head/sbin/pfctl/tests/files/pf0079.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0079.in (revision 321030) @@ -0,0 +1,2 @@ +pass in from 10.0.0.1 to no-route label "$srcaddr:$dstaddr" + Property changes on: head/sbin/pfctl/tests/files/pf0079.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0079.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0079.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0079.ok (revision 321030) @@ -0,0 +1 @@ +pass in inet from 10.0.0.1 to no-route flags S/SA keep state label "10.0.0.1:no-route" Property changes on: head/sbin/pfctl/tests/files/pf0079.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0081.in =================================================================== --- head/sbin/pfctl/tests/files/pf0081.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0081.in (revision 321030) @@ -0,0 +1,12 @@ +# skip step optimization involving dynaddr, tables, no-route +# optimisation should be done on theses rules + +ip_list="{ ::1 ::2 ::3 0.0.0.1 0.0.0.2 0.0.0.3 }" +table_list="{ }" +pass from (lo0) to $ip_list +pass from to $table_list +pass from to $ip_list +pass from to $table_list +pass from no-route to $table_list +pass from no-route to $ip_list +pass from no-route to $table_list Property changes on: head/sbin/pfctl/tests/files/pf0081.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0081.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0081.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0081.ok (revision 321030) @@ -0,0 +1,32 @@ +ip_list = "{ ::1 ::2 ::3 0.0.0.1 0.0.0.2 0.0.0.3 }" +table_list = "{ }" +pass inet6 from (lo0) to ::1 flags S/SA keep state +pass inet6 from (lo0) to ::2 flags S/SA keep state +pass inet6 from (lo0) to ::3 flags S/SA keep state +pass inet from (lo0) to 0.0.0.1 flags S/SA keep state +pass inet from (lo0) to 0.0.0.2 flags S/SA keep state +pass inet from (lo0) to 0.0.0.3 flags S/SA keep state +pass from to flags S/SA keep state +pass from to flags S/SA keep state +pass from to flags S/SA keep state +pass inet6 from to ::1 flags S/SA keep state +pass inet6 from to ::2 flags S/SA keep state +pass inet6 from to ::3 flags S/SA keep state +pass inet from to 0.0.0.1 flags S/SA keep state +pass inet from to 0.0.0.2 flags S/SA keep state +pass inet from to 0.0.0.3 flags S/SA keep state +pass from to flags S/SA keep state +pass from to flags S/SA keep state +pass from to flags S/SA keep state +pass from no-route to flags S/SA keep state +pass from no-route to flags S/SA keep state +pass from no-route to flags S/SA keep state +pass inet6 from no-route to ::1 flags S/SA keep state +pass inet6 from no-route to ::2 flags S/SA keep state +pass inet6 from no-route to ::3 flags S/SA keep state +pass inet from no-route to 0.0.0.1 flags S/SA keep state +pass inet from no-route to 0.0.0.2 flags S/SA keep state +pass inet from no-route to 0.0.0.3 flags S/SA keep state +pass from no-route to flags S/SA keep state +pass from no-route to flags S/SA keep state +pass from no-route to flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0081.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0082.in =================================================================== --- head/sbin/pfctl/tests/files/pf0082.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0082.in (revision 321030) @@ -0,0 +1,15 @@ +# skip step optimization involving dynaddr, tables, no-route + +pass inet from (lo0) +pass inet from !(lo0) +pass inet from (lo0) +pass inet6 from (lo0) +pass from +pass from ! +pass from +pass inet from +pass from +pass inet6 from +pass from +pass inet from no-route +pass from no-route Property changes on: head/sbin/pfctl/tests/files/pf0082.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0082.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0082.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0082.ok (revision 321030) @@ -0,0 +1,13 @@ +pass inet from (lo0) to any flags S/SA keep state +pass inet from ! (lo0) to any flags S/SA keep state +pass inet from (lo0) to any flags S/SA keep state +pass inet6 from (lo0) to any flags S/SA keep state +pass from to any flags S/SA keep state +pass from ! to any flags S/SA keep state +pass from to any flags S/SA keep state +pass inet from to any flags S/SA keep state +pass from to any flags S/SA keep state +pass inet6 from to any flags S/SA keep state +pass from to any flags S/SA keep state +pass inet from no-route to any flags S/SA keep state +pass from no-route to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0082.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0084.in =================================================================== --- head/sbin/pfctl/tests/files/pf0084.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0084.in (revision 321030) @@ -0,0 +1,17 @@ +#match out on tun1000000 from 10.0.0.0/24 to any \ +# nat-to { 10.0.1.1, 10.0.1.2 } round-robin sticky-address +#match in on tun1000000 from any to 10.0.1.1 \ +# rdr-to { 10.0.0.0/24 } sticky-address random +#match in on tun1000000 from any to 10.0.1.2 \ +# rdr-to { 10.0.0.1, 10.0.0.2 } sticky-address + +pass in proto tcp from any to any port 22 \ + keep state (source-track) +pass in proto tcp from any to any port 25 \ + keep state (source-track global) +pass in proto tcp from any to any port 80 \ + keep state (source-track rule, max-src-nodes 1000, max-src-states 3) +pass in proto tcp from any to any port 123 \ + keep state (source-track, max-src-nodes 1000) +pass in proto tcp from any to any port 321 \ + keep state (source-track, max-src-states 3) Property changes on: head/sbin/pfctl/tests/files/pf0084.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0084.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0084.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0084.ok (revision 321030) @@ -0,0 +1,5 @@ +pass in proto tcp from any to any port = ssh flags S/SA keep state (source-track global) +pass in proto tcp from any to any port = smtp flags S/SA keep state (source-track global) +pass in proto tcp from any to any port = http flags S/SA keep state (source-track rule, max-src-states 3, max-src-nodes 1000) +pass in proto tcp from any to any port = ntp flags S/SA keep state (source-track rule, max-src-nodes 1000) +pass in proto tcp from any to any port = pip flags S/SA keep state (source-track global, max-src-states 3) Property changes on: head/sbin/pfctl/tests/files/pf0084.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0085.in =================================================================== --- head/sbin/pfctl/tests/files/pf0085.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0085.in (revision 321030) @@ -0,0 +1,3 @@ +# test tag macro expansion +pass from { 127.0.0.1 127.0.0.2 127.0.0.3 } keep state tag "$srcaddr" +pass from { 127.0.0.1 127.0.0.2 127.0.0.3 } keep state tagged "$srcaddr" Property changes on: head/sbin/pfctl/tests/files/pf0085.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0085.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0085.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0085.ok (revision 321030) @@ -0,0 +1,6 @@ +pass inet from 127.0.0.1 to any flags S/SA keep state tag 127.0.0.1 +pass inet from 127.0.0.2 to any flags S/SA keep state tag 127.0.0.2 +pass inet from 127.0.0.3 to any flags S/SA keep state tag 127.0.0.3 +pass inet from 127.0.0.1 to any flags S/SA keep state tagged 127.0.0.1 +pass inet from 127.0.0.2 to any flags S/SA keep state tagged 127.0.0.2 +pass inet from 127.0.0.3 to any flags S/SA keep state tagged 127.0.0.3 Property changes on: head/sbin/pfctl/tests/files/pf0085.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0087.in =================================================================== --- head/sbin/pfctl/tests/files/pf0087.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0087.in (revision 321030) @@ -0,0 +1,24 @@ +# pfctl -o rule reordering + +pass in on lo1000000 proto tcp from any to 10.0.0.2 port 22 keep state +pass in on lo1000001 proto tcp from 10.0.0.1 port 22 to 10.0.0.2 keep state +pass in on lo1000001 proto udp from 10.0.0.5 to 10.0.0.4 port 53 keep state +pass in on lo1000000 proto udp from any to 10.0.0.2 port 53 keep state +pass in proto tcp to 10.0.0.1 port 80 keep state +pass out on lo1000001 proto udp from any to 10.0.0.2 port 53 keep state +pass in proto tcp to 10.0.0.3 port 80 keep state +pass out proto tcp to 10.0.0.1 port 81 keep state +pass in proto udp to 10.0.0.3 port 53 keep state +pass in on lo1000001 proto udp from 10.0.0.2 port 53 to 10.0.0.2 keep state +pass out proto udp to 10.0.0.1 port 53 keep state +pass out on lo1000000 proto udp from any to 10.0.0.2 port 53 keep state +pass out proto udp to 10.0.0.3 port 53 keep state +pass out on lo1000000 proto tcp from any to 10.0.0.2 port 22 keep state +pass in on lo1000001 proto tcp from any to 10.0.0.2 port 22 keep state +pass in on lo1000001 proto udp from any to 10.0.0.2 port 53 keep state +pass in on lo1000001 proto tcp from 10.0.0.1 to 10.0.0.4 keep state +pass out on lo1000001 proto tcp from any to 10.0.0.2 port 22 keep state +pass out proto tcp to 10.0.0.1 port 80 keep state +pass in proto udp to 10.0.0.1 port 53 keep state +pass in on lo1000001 proto tcp from 10.0.0.1 to 10.0.0.6 port 22 keep state +pass in on lo1000001 proto udp from 10.0.0.5 to 10.0.0.2 keep state Property changes on: head/sbin/pfctl/tests/files/pf0087.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0087.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0087.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0087.ok (revision 321030) @@ -0,0 +1,22 @@ +pass in on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 port = ssh to 10.0.0.2 flags S/SA keep state +pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.4 port = domain keep state +pass in on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state +pass in inet proto tcp from any to 10.0.0.1 port = http flags S/SA keep state +pass out on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state +pass in inet proto tcp from any to 10.0.0.3 port = http flags S/SA keep state +pass out inet proto tcp from any to 10.0.0.1 port = hosts2-ns flags S/SA keep state +pass in inet proto udp from any to 10.0.0.3 port = domain keep state +pass in on lo1000001 inet proto udp from 10.0.0.2 port = domain to 10.0.0.2 keep state +pass out inet proto udp from any to 10.0.0.1 port = domain keep state +pass out on lo1000000 inet proto udp from any to 10.0.0.2 port = domain keep state +pass out inet proto udp from any to 10.0.0.3 port = domain keep state +pass out on lo1000000 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto udp from any to 10.0.0.2 port = domain keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.4 flags S/SA keep state +pass out on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state +pass out inet proto tcp from any to 10.0.0.1 port = http flags S/SA keep state +pass in inet proto udp from any to 10.0.0.1 port = domain keep state +pass in on lo1000001 inet proto tcp from 10.0.0.1 to 10.0.0.6 port = ssh flags S/SA keep state +pass in on lo1000001 inet proto udp from 10.0.0.5 to 10.0.0.2 keep state Property changes on: head/sbin/pfctl/tests/files/pf0087.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0088.in =================================================================== --- head/sbin/pfctl/tests/files/pf0088.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0088.in (revision 321030) @@ -0,0 +1,32 @@ +# pfctl -o duplicate rules + +pass in on lo1000000 from any to 10.0.0.1 +pass in on lo1000000 inet from any to 10.0.0.1 + +pass +pass out +pass out +pass out quick + +pass on lo1000001 to 10.0.0.1 +pass on lo1000000 from any to 10.0.0.1 + +pass to 10.0.0.2 modulate state +pass to 10.0.0.2 keep state +block from 10.0.0.3 to 10.0.0.2 +pass to 10.0.0.2 modulate state +block from 10.0.0.3 to 10.0.0.2 +pass to 10.0.0.2 synproxy state + + +pass out proto tcp from 10.0.0.4 to 10.0.0.5 keep state +pass out proto tcp from 10.0.0.4 to 10.0.0.5 port 80 keep state + +pass out +pass in + +pass in on lo1000001 from any to any +pass in on lo1000001 from any to any keep state +pass in on lo1000001 from any to any + +block Property changes on: head/sbin/pfctl/tests/files/pf0088.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0088.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0088.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0088.ok (revision 321030) @@ -0,0 +1,22 @@ +pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass in on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass all flags S/SA keep state +pass out all flags S/SA keep state +pass out all flags S/SA keep state +pass out quick all flags S/SA keep state +pass on lo1000001 inet from any to 10.0.0.1 flags S/SA keep state +pass on lo1000000 inet from any to 10.0.0.1 flags S/SA keep state +pass inet from any to 10.0.0.2 flags S/SA modulate state +pass inet from any to 10.0.0.2 flags S/SA keep state +block drop inet from 10.0.0.3 to 10.0.0.2 +pass inet from any to 10.0.0.2 flags S/SA modulate state +block drop inet from 10.0.0.3 to 10.0.0.2 +pass inet from any to 10.0.0.2 flags S/SA synproxy state +pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 flags S/SA keep state +pass out inet proto tcp from 10.0.0.4 to 10.0.0.5 port = http flags S/SA keep state +pass out all flags S/SA keep state +pass in all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state +pass in on lo1000001 all flags S/SA keep state +block drop all Property changes on: head/sbin/pfctl/tests/files/pf0088.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0089.in =================================================================== --- head/sbin/pfctl/tests/files/pf0089.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0089.in (revision 321030) @@ -0,0 +1,25 @@ +# TCP connection tracking + +table persist + +block all +block quick from + +pass out proto tcp flags S/SA keep state +pass out proto { icmp, udp } keep state + +pass in on lo1000001 proto tcp to 10.0.0.1 port 22 flags S/SA \ + keep state (max-src-conn 10, max-src-conn-rate 3/99) + +pass in on lo1000001 proto tcp to 10.0.0.2 port 22 flags S/SA keep state \ + (max-src-conn 10) + +pass in on lo1000001 proto tcp to 10.0.0.3 port 22 flags S/SA keep state \ + (max-src-conn-rate 3/99) + +pass in on lo1000000 proto tcp to 10.0.0.1 port 80 flags S/SA modulate state \ + (max-src-conn 100, max-src-conn-rate 10/5, overload flush) + +pass in on lo1000000 proto tcp to 10.0.0.1 port 8080 flags S/SA synproxy state \ + (max-src-conn 1000, max-src-conn-rate 1000/5, overload \ + flush global) Property changes on: head/sbin/pfctl/tests/files/pf0089.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0089.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0089.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0089.ok (revision 321030) @@ -0,0 +1,11 @@ +table persist +block drop all +block drop quick from to any +pass out proto tcp all flags S/SA keep state +pass out proto icmp all keep state +pass out proto udp all keep state +pass in on lo1000001 inet proto tcp from any to 10.0.0.1 port = ssh flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 3/99, src.track 99) +pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = ssh flags S/SA keep state (source-track rule, max-src-conn 10) +pass in on lo1000001 inet proto tcp from any to 10.0.0.3 port = ssh flags S/SA keep state (source-track rule, max-src-conn-rate 3/99, src.track 99) +pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = http flags S/SA modulate state (source-track rule, max-src-conn 100, max-src-conn-rate 10/5, overload flush, src.track 5) +pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = 8080 flags S/SA synproxy state (source-track rule, max-src-conn 1000, max-src-conn-rate 1000/5, overload flush global, src.track 5) Property changes on: head/sbin/pfctl/tests/files/pf0089.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0090.in =================================================================== --- head/sbin/pfctl/tests/files/pf0090.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0090.in (revision 321030) @@ -0,0 +1,5 @@ +pass log (user) +pass log (all) +pass log (to pflog7) +block log (all, user, to pflog1) +block log (to pflog1, user) Property changes on: head/sbin/pfctl/tests/files/pf0090.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0090.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0090.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0090.ok (revision 321030) @@ -0,0 +1,5 @@ +pass log (user) all flags S/SA keep state +pass log (all) all flags S/SA keep state +pass log (to pflog7) all flags S/SA keep state +block drop log (all, user, to pflog1) all +block drop log (user, to pflog1) all Property changes on: head/sbin/pfctl/tests/files/pf0090.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0091.in =================================================================== --- head/sbin/pfctl/tests/files/pf0091.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0091.in (revision 321030) @@ -0,0 +1,11 @@ +# basic anchor test +anchor on tun1000000 { + anchor foo out { + pass proto tcp to port 1234 + anchor proto tcp to port 2413 user root label "foo" { + block + pass from 127.0.0.1 + } + } + pass in proto tcp to port 1234 +} Property changes on: head/sbin/pfctl/tests/files/pf0091.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0091.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0091.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0091.ok (revision 321030) @@ -0,0 +1,10 @@ +anchor on tun1000000 all { + anchor "foo" out all { + pass proto tcp from any to any port = 1234 flags S/SA keep state + anchor proto tcp from any to any port = 2413 user = 0 label "foo" { + block drop all + pass inet from 127.0.0.1 to any flags S/SA keep state + } + } + pass in proto tcp from any to any port = 1234 flags S/SA keep state +} Property changes on: head/sbin/pfctl/tests/files/pf0091.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0092.in =================================================================== --- head/sbin/pfctl/tests/files/pf0092.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0092.in (revision 321030) @@ -0,0 +1,30 @@ +anchor { # testing comments + anchor in { + # comment before rule + pass quick + } + # silly nesting + anchor out { + anchor in { + anchor out { + anchor in { + anchor out { + anchor in { + anchor out { + anchor in { + pass + } + } + } + } + } + } + } + } + pass in on tun1000000 + anchor foo on tun1000000 { + + pass + } +} # comment after closing brace + Property changes on: head/sbin/pfctl/tests/files/pf0092.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0092.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0092.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0092.ok (revision 321030) @@ -0,0 +1,26 @@ +anchor all { + anchor in all { + pass quick all flags S/SA keep state + } + anchor out all { + anchor in all { + anchor out all { + anchor in all { + anchor out all { + anchor in all { + anchor out all { + anchor in all { + pass all flags S/SA keep state + } + } + } + } + } + } + } + } + pass in on tun1000000 all flags S/SA keep state + anchor "foo" on tun1000000 all { + pass all flags S/SA keep state + } +} Property changes on: head/sbin/pfctl/tests/files/pf0092.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0094.in =================================================================== --- head/sbin/pfctl/tests/files/pf0094.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0094.in (revision 321030) @@ -0,0 +1,4 @@ +pass from 10.1.2.3 - 10.1.2.4 to 10.2.3.4 - 10.3.4.5 +pass from 0.0.0.0 - 255.255.255.255 +pass from 2001:6f8:1098::2 - 2001:6f8:1098::5 to 2001:6f8:1098::3 - 2001:6f8:1098::4 +pass from ::0 - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Property changes on: head/sbin/pfctl/tests/files/pf0094.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0094.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0094.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0094.ok (revision 321030) @@ -0,0 +1,4 @@ +pass inet from 10.1.2.3 - 10.1.2.4 to 10.2.3.4 - 10.3.4.5 flags S/SA keep state +pass inet from 0.0.0.0 - 255.255.255.255 to any flags S/SA keep state +pass inet6 from 2001:6f8:1098::2 - 2001:6f8:1098::5 to 2001:6f8:1098::3 - 2001:6f8:1098::4 flags S/SA keep state +pass inet6 from :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff to any flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0094.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0095.in =================================================================== --- head/sbin/pfctl/tests/files/pf0095.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0095.in (revision 321030) @@ -0,0 +1,4 @@ + +include "./pf0095.include" + +block out proto tcp Property changes on: head/sbin/pfctl/tests/files/pf0095.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0095.include =================================================================== --- head/sbin/pfctl/tests/files/pf0095.include (nonexistent) +++ head/sbin/pfctl/tests/files/pf0095.include (revision 321030) @@ -0,0 +1,2 @@ + +block in proto udp Property changes on: head/sbin/pfctl/tests/files/pf0095.include ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0095.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0095.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0095.ok (revision 321030) @@ -0,0 +1,2 @@ +block drop in proto udp all +block drop out proto tcp all Property changes on: head/sbin/pfctl/tests/files/pf0095.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0096.in =================================================================== --- head/sbin/pfctl/tests/files/pf0096.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0096.in (revision 321030) @@ -0,0 +1,5 @@ +# varset allows concatenated strings as numbers +myports = 5555 6666 +# and also can be used within another macro +moreports = $myports 7777 +pass in proto tcp from any to any port { $moreports } Property changes on: head/sbin/pfctl/tests/files/pf0096.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0096.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0096.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0096.ok (revision 321030) @@ -0,0 +1,5 @@ +myports = "5555 6666" +moreports = "5555 6666 7777" +pass in proto tcp from any to any port = 5555 flags S/SA keep state +pass in proto tcp from any to any port = 6666 flags S/SA keep state +pass in proto tcp from any to any port = 7777 flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0096.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0097.in =================================================================== --- head/sbin/pfctl/tests/files/pf0097.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0097.in (revision 321030) @@ -0,0 +1,4 @@ +pass in on em0 inet proto tcp from any to any port 220:230 divert-to 127.0.0.1 port 22 +#pass out on em0 inet proto tcp from any to any port 220:230 divert-reply +pass on em0 inet proto tcp from any to any port 80 divert-to 127.0.0.1 port 8080 +pass in on em0 inet proto 103 divert-to 127.0.0.1 port 103 # FIXME Property changes on: head/sbin/pfctl/tests/files/pf0097.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0097.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0097.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0097.ok (revision 321030) @@ -0,0 +1,3 @@ +pass in on em0 inet proto tcp from any to any port 220:230 flags S/SA keep state divert-to 22 +pass on em0 inet proto tcp from any to any port = http flags S/SA keep state divert-to 8080 +pass in on em0 inet proto pim all keep state divert-to 103 Property changes on: head/sbin/pfctl/tests/files/pf0097.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0098.in =================================================================== --- head/sbin/pfctl/tests/files/pf0098.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0098.in (revision 321030) @@ -0,0 +1,4 @@ +# Test rule order processing should pass (require-order no longer required) +pass in on lo1000000 all +#match out on lo0 inet6 all nat-to lo0 + Property changes on: head/sbin/pfctl/tests/files/pf0098.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0098.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0098.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0098.ok (revision 321030) @@ -0,0 +1 @@ +pass in on lo1000000 all flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0098.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0100.in =================================================================== --- head/sbin/pfctl/tests/files/pf0100.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0100.in (revision 321030) @@ -0,0 +1,20 @@ +pass +anchor "a/b" +anchor "1/2/3" # test anchors with multiple path components +anchor "relative" { + pass in on lo0 label TEST1 +} +anchor "camield/*" # empty wildcard anchor + +anchor "relayd/*" + +anchor "foo" in on lo0 { + anchor "bar" in { # nested named inlined anchor + anchor "/1/2/3" # absolute multicomponent path + anchor "/relative" # absolute path + pass in on lo0 label FOO + } + anchor in { # nested unnamed inlined anchor + pass in on lo0 label BAR + } +} Property changes on: head/sbin/pfctl/tests/files/pf0100.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0100.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0100.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0100.ok (revision 321030) @@ -0,0 +1,18 @@ +pass all flags S/SA keep state +anchor "/b" all +anchor "/3" all +anchor "relative" all { + pass in on lo0 all flags S/SA keep state label "TEST1" +} +anchor "/*" all +anchor "/*" all +anchor "foo" in on lo0 all { + anchor "bar" in all { + anchor "/3" all + anchor "/relative" all + pass in on lo0 all flags S/SA keep state label "FOO" + } + anchor in all { + pass in on lo0 all flags S/SA keep state label "BAR" + } +} Property changes on: head/sbin/pfctl/tests/files/pf0100.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0101.in =================================================================== --- head/sbin/pfctl/tests/files/pf0101.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0101.in (revision 321030) @@ -0,0 +1,8 @@ +# test prio + +pass set prio 3 + +pass out on lo1000000 proto tcp from any to any port 22 set prio (5 2) + +pass proto udp from any to { 127.0.0.1 127.0.0.2 } port 53 set prio 4 + Property changes on: head/sbin/pfctl/tests/files/pf0101.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0101.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0101.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0101.ok (revision 321030) @@ -0,0 +1,4 @@ +pass all flags S/SA set ( prio 3 ) keep state +pass out on lo1000000 proto tcp from any to any port = ssh flags S/SA set ( prio(5, 2) ) keep state +pass inet proto udp from any to 127.0.0.1 port = domain set ( prio 4 ) keep state +pass inet proto udp from any to 127.0.0.2 port = domain set ( prio 4 ) keep state Property changes on: head/sbin/pfctl/tests/files/pf0101.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0102.in =================================================================== --- head/sbin/pfctl/tests/files/pf0102.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0102.in (revision 321030) @@ -0,0 +1,9 @@ +# test rule expansion with mixed af + +pass from {1.1.1.1 2002::} to (self) + +pass from {2002:: 1.1.1.1} to (self) + +pass from {1.1.1.1 2002::} to (self)/40 + +pass from {2002:: 1.1.1.1} to (self)/40 Property changes on: head/sbin/pfctl/tests/files/pf0102.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0102.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0102.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0102.ok (revision 321030) @@ -0,0 +1,8 @@ +pass inet from 1.1.1.1 to (self) flags S/SA keep state +pass inet6 from 2002:: to (self)/32 flags S/SA keep state +pass inet6 from 2002:: to (self) flags S/SA keep state +pass inet from 1.1.1.1 to (self) flags S/SA keep state +pass inet from 1.1.1.1 to (self) flags S/SA keep state +pass inet6 from 2002:: to (self)/32 flags S/SA keep state +pass inet6 from 2002:: to (self)/40 flags S/SA keep state +pass inet from 1.1.1.1 to (self) flags S/SA keep state Property changes on: head/sbin/pfctl/tests/files/pf0102.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0104.in =================================================================== --- head/sbin/pfctl/tests/files/pf0104.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf0104.in (revision 321030) @@ -0,0 +1,10 @@ +# This test assumes that localhost points to 127.0.0.1 first +pass in proto tcp to port 25 divert-to localhost port 8025 +# Test IPv4 addresses +pass in proto tcp to port 25 divert-to 127.0.0.1 port 8025 +pass in inet proto tcp to port 25 divert-to 127.0.0.1 port 8025 +pass in inet proto tcp to port 25 divert-to localhost port 8025 +# Test IPv6 addresses +pass in proto tcp to port 25 divert-to ::1 port 8025 +pass in inet6 proto tcp to port 25 divert-to ::1 port 8025 +pass in inet6 proto tcp to port 25 divert-to localhost port 8025 Property changes on: head/sbin/pfctl/tests/files/pf0104.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf0104.ok =================================================================== --- head/sbin/pfctl/tests/files/pf0104.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf0104.ok (revision 321030) @@ -0,0 +1,7 @@ +pass in proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in inet proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in inet proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in inet6 proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 +pass in inet6 proto tcp from any to any port = smtp flags S/SA keep state divert-to 8025 Property changes on: head/sbin/pfctl/tests/files/pf0104.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1001.in =================================================================== --- head/sbin/pfctl/tests/files/pf1001.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf1001.in (revision 321030) @@ -0,0 +1,2 @@ +binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64 +binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64 Property changes on: head/sbin/pfctl/tests/files/pf1001.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1001.ok =================================================================== --- head/sbin/pfctl/tests/files/pf1001.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf1001.ok (revision 321030) @@ -0,0 +1,2 @@ +binat on em0 inet6 from fc00::/64 to any -> fc00:0:0:1::/64 +binat on em0 inet6 from any to fc00:0:0:1::/64 -> fc00::/64 Property changes on: head/sbin/pfctl/tests/files/pf1001.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1002.in =================================================================== --- head/sbin/pfctl/tests/files/pf1002.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf1002.in (revision 321030) @@ -0,0 +1 @@ +set timeout interval 10 Property changes on: head/sbin/pfctl/tests/files/pf1002.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1002.ok =================================================================== --- head/sbin/pfctl/tests/files/pf1002.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf1002.ok (revision 321030) @@ -0,0 +1 @@ +set timeout interval 10 Property changes on: head/sbin/pfctl/tests/files/pf1002.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1003.in =================================================================== --- head/sbin/pfctl/tests/files/pf1003.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf1003.in (revision 321030) @@ -0,0 +1,3 @@ +altq on em0 cbq(default) bandwidth 100Kb queue qmain +queue qmain priority 4 +pass on em0 queue qmain Property changes on: head/sbin/pfctl/tests/files/pf1003.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1003.ok =================================================================== --- head/sbin/pfctl/tests/files/pf1003.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf1003.ok (revision 321030) @@ -0,0 +1,3 @@ +altq on em0 cbq( default ) bandwidth 100Kb tbrsize 1500 queue { qmain } +queue qmain priority 4 +pass on em0 all flags S/SA keep state queue qmain Property changes on: head/sbin/pfctl/tests/files/pf1003.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1004.in =================================================================== --- head/sbin/pfctl/tests/files/pf1004.in (nonexistent) +++ head/sbin/pfctl/tests/files/pf1004.in (revision 321030) @@ -0,0 +1,6 @@ +altq on em0 cbq(default codel) bandwidth 20Mb queue qmain +queue qmain { q1 q2 } +queue q1 priority 1 bandwidth 60% +queue q2 priority 2 bandwidth 40% +pass on em0 queue q1 +block on em0 queue q2 Property changes on: head/sbin/pfctl/tests/files/pf1004.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/files/pf1004.ok =================================================================== --- head/sbin/pfctl/tests/files/pf1004.ok (nonexistent) +++ head/sbin/pfctl/tests/files/pf1004.ok (revision 321030) @@ -0,0 +1,6 @@ +altq on em0 cbq( codel default ) bandwidth 20Mb tbrsize 12000 queue { qmain } +queue qmain { q1 q2 } +queue q1 bandwidth 60% +queue q2 bandwidth 40% priority 2 +pass on em0 all flags S/SA keep state queue q1 +block drop on em0 all queue q2 Property changes on: head/sbin/pfctl/tests/files/pf1004.ok ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: head/sbin/pfctl/tests/files/pfctl_test_descr.sh =================================================================== --- head/sbin/pfctl/tests/files/pfctl_test_descr.sh (nonexistent) +++ head/sbin/pfctl/tests/files/pfctl_test_descr.sh (revision 321030) @@ -0,0 +1,81 @@ +# $FreeBSD$ +# atf-sh, to be sourced by run.sh + +pf0001_descr () { echo "Pass with labels" ; } +pf0002_descr () { echo "Block/pass" ; } +pf0003_descr () { echo "Block/pass with flags" ; } +pf0004_descr () { echo "Block" ; } +pf0005_descr () { echo "Block with variables" ; } +pf0006_descr () { echo "Variables" ; } +pf0007_descr () { echo "Block/pass with return" ; } +pf0008_descr () { echo "Block with address list" ; } +pf0009_descr () { echo "Block with interface list" ; } +pf0010_descr () { echo "Block/pass with return" ; } +pf0011_descr () { echo "Block/pass ICMP" ; } +pf0012_descr () { echo "Pass to subnets" ; } +pf0013_descr () { echo "Pass quick" ; } +pf0014_descr () { echo "Pass quick IPv6" ; } +pf0016_descr () { echo "Pass with no state" ; } +pf0018_descr () { echo "Address lists" ; } +pf0019_descr () { echo "Lists" ; } +pf0020_descr () { echo "Lists" ; } +pf0022_descr () { echo "Set options" ; } +pf0023_descr () { echo "Block on negated interface" ; } +pf0024_descr () { echo "Variable concatenation" ; } +pf0025_descr () { echo "Antispoof" ; } +pf0026_descr () { echo "Block from negated interface" ; } +pf0028_descr () { echo "Block with log and quick" ; } +pf0030_descr () { echo "Line continuation" ; } +pf0031_descr () { echo "Block policy" ; } +pf0032_descr () { echo "Pass to any" ; } +pf0034_descr () { echo "Pass with probability" ; } +pf0035_descr () { echo "Matching on TOS" ; } +pf0038_descr () { echo "Pass with user" ; } +pf0039_descr () { echo "Ordered opts" ; } +pf0040_descr () { echo "Block/pass" ; } +pf0041_descr () { echo "Anchors" ; } +pf0047_descr () { echo "Pass with labels" ; } +pf0048_descr () { echo "Tables" ; } +pf0049_descr () { echo "Broadcast and network modifiers" ; } +pf0050_descr () { echo "Double macro set" ; } +pf0052_descr () { echo "Set optimization" ; } +pf0053_descr () { echo "Pass with labels" ; } +pf0055_descr () { echo "Set options" ; } +pf0056_descr () { echo "State opts" ; } +pf0057_descr () { echo "Variables" ; } +pf0060_descr () { echo "Pass from multicast" ; } +pf0061_descr () { echo "Dynaddr with netmask" ; } +pf0065_descr () { echo "Antispoof with labels" ; } +pf0067_descr () { echo "Tags" ; } +pf0069_descr () { echo "Tags" ; } +pf0070_descr () { echo "Tags" ; } +pf0071_descr () { echo "Tags" ; } +pf0072_descr () { echo "Tags" ; } +pf0074_descr () { echo "Synproxy" ; } +pf0075_descr () { echo "Block quick with tags" ; } +pf0077_descr () { echo "Dynaddr with netmask" ; } +pf0078_descr () { echo "Table with label" ; } +pf0079_descr () { echo "No-route with label" ; } +pf0081_descr () { echo "Address list and table list with no-route" ; } +pf0082_descr () { echo "Pass with interface, table and no-route" ; } +pf0084_descr () { echo "Source track" ; } +pf0085_descr () { echo "Tag macro expansion" ; } +pf0087_descr () { echo "Optimization rule reordering" ; } +pf0088_descr () { echo "Optimization duplicate rules handling" ; } +pf0089_descr () { echo "TCP connection tracking" ; } +pf0090_descr () { echo "Log opts" ; } +pf0091_descr () { echo "Nested anchors" ; } +pf0092_descr () { echo "Comments" ; } +pf0094_descr () { echo "Address ranges" ; } +pf0095_descr () { echo "Include" ; } +pf0096_descr () { echo "Variables" ; } +pf0097_descr () { echo "Divert-to" ; } +pf0098_descr () { echo "Pass" ; } +pf0100_descr () { echo "Anchor with multiple path components" ; } +pf0101_descr () { echo "Prio" ; } +pf0102_descr () { echo "Address lists with mixed address family" ; } +pf0104_descr () { echo "Divert-to with localhost" ; } +pf1001_descr () { echo "Binat" ; } +pf1002_descr () { echo "Set timeout interval" ; } +pf1003_descr () { echo "ALTQ" ; } +pf1004_descr () { echo "ALTQ with Codel" ; } Property changes on: head/sbin/pfctl/tests/files/pfctl_test_descr.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/sbin/pfctl/tests/pfctl_test.sh =================================================================== --- head/sbin/pfctl/tests/pfctl_test.sh (nonexistent) +++ head/sbin/pfctl/tests/pfctl_test.sh (revision 321030) @@ -0,0 +1,47 @@ +# $FreeBSD$ +# Make will add a #! line at the top of this file. + +# Tests 0001-0999 are copied from OpenBSD's regress/sbin/pfctl. +# Tests 1001-1999 are ours (FreeBSD's own). + +# pf: Run pfctl -nv on pfNNNN.in and check that the output matches pfNNNN.ok. +# Copied from OpenBSD. Main differences are some things not working +# in FreeBSD: +# * The action 'match' +# * The command 'set reassemble' +# * The 'from'/'to' options together with 'route-to' +# * The option 'scrub' (it is an action in FreeBSD) +# * Accepting undefined routing tables in actions (??: see pf0093.in) +# * The 'route' option +# * The 'set queue def' option +# selfpf: Feed pfctl output through pfctl again and verify it stays the same. +# Copied from OpenBSD. + +pftests="0001 0002 0003 0004 0005 0006 0007 0008 0009 0010 0011 0012 +0013 0014 0016 0018 0019 0020 0022 0023 0024 0025 0026 0028 0030 0031 +0032 0034 0035 0038 0039 0040 0041 0047 0048 0049 0050 0052 0053 0055 +0056 0057 0060 0061 0065 0067 0069 0070 0071 0072 0074 0075 0077 0078 +0079 0081 0082 0084 0085 0087 0088 0089 0090 0091 0092 0094 0095 0096 +0097 0098 0100 0101 0102 0104 1001 1002 1003 1004" + +. $(atf_get_srcdir)/files/pfctl_test_descr.sh + +for i in ${pftests} ; do + atf_test_case "pf${i}" + eval "pf${i}_head () { atf_set descr \"$(pf${i}_descr)\" ; }" + eval "pf${i}_body () { \ + cd $(atf_get_srcdir)/files && \ + atf_check -o file:pf${i}.ok \ + pfctl -o none -nvf - < pf${i}.in ; }" + + atf_test_case "selfpf${i}" + eval "selfpf${i}_head () { atf_set descr \"self$(pf${i}_descr)\" ; }" + eval "selfpf${i}_body () { \ + cd $(atf_get_srcdir)/files && \ + atf_check -o file:pf${i}.ok \ + pfctl -o none -nvf - < pf${i}.ok ; }" +done + +atf_init_test_cases () { + for i in ${pftests} ; do atf_add_test_case "pf${i}" + atf_add_test_case "selfpf${i}" ; done ; } Property changes on: head/sbin/pfctl/tests/pfctl_test.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/targets/pseudo/tests/Makefile.depend =================================================================== --- head/targets/pseudo/tests/Makefile.depend (revision 321029) +++ head/targets/pseudo/tests/Makefile.depend (revision 321030) @@ -1,364 +1,365 @@ # $FreeBSD$ # This file is not autogenerated - take care! .include # find . -name Makefile -exec grep -l '^\.include.*\.test.mk' {} + | grep -v '^\./contrib' | sed -e 's,/Makefile,,' -e 's,^\./,,' -e 's,^, ,' -e 's,$, \\,' | sort DIRDEPS= \ bin/cat/tests \ bin/date/tests \ bin/dd/tests \ bin/expr/tests \ bin/ls/tests \ bin/mv/tests \ bin/pax/tests \ bin/pkill/tests \ bin/pwait/tests \ bin/sh/tests \ bin/sh/tests/builtins \ bin/sh/tests/errors \ bin/sh/tests/execution \ bin/sh/tests/expansion \ bin/sh/tests/parameters \ bin/sh/tests/parser \ bin/sh/tests/set-e \ bin/sleep/tests \ bin/test/tests \ bin/tests \ cddl/lib/tests \ cddl/sbin/tests \ cddl/tests \ cddl/usr.bin/tests \ cddl/usr.sbin/dtrace/tests \ cddl/usr.sbin/dtrace/tests/common \ cddl/usr.sbin/dtrace/tests/common/aggs \ cddl/usr.sbin/dtrace/tests/common/arithmetic \ cddl/usr.sbin/dtrace/tests/common/arrays \ cddl/usr.sbin/dtrace/tests/common/assocs \ cddl/usr.sbin/dtrace/tests/common/begin \ cddl/usr.sbin/dtrace/tests/common/bitfields \ cddl/usr.sbin/dtrace/tests/common/buffering \ cddl/usr.sbin/dtrace/tests/common/builtinvar \ cddl/usr.sbin/dtrace/tests/common/cg \ cddl/usr.sbin/dtrace/tests/common/clauses \ cddl/usr.sbin/dtrace/tests/common/cpc \ cddl/usr.sbin/dtrace/tests/common/decls \ cddl/usr.sbin/dtrace/tests/common/docsExamples \ cddl/usr.sbin/dtrace/tests/common/drops \ cddl/usr.sbin/dtrace/tests/common/dtraceUtil \ cddl/usr.sbin/dtrace/tests/common/end \ cddl/usr.sbin/dtrace/tests/common/enum \ cddl/usr.sbin/dtrace/tests/common/error \ cddl/usr.sbin/dtrace/tests/common/exit \ cddl/usr.sbin/dtrace/tests/common/fbtprovider \ cddl/usr.sbin/dtrace/tests/common/funcs \ cddl/usr.sbin/dtrace/tests/common/grammar \ cddl/usr.sbin/dtrace/tests/common/include \ cddl/usr.sbin/dtrace/tests/common/inline \ cddl/usr.sbin/dtrace/tests/common/io \ cddl/usr.sbin/dtrace/tests/common/ip \ cddl/usr.sbin/dtrace/tests/common/java_api \ cddl/usr.sbin/dtrace/tests/common/json \ cddl/usr.sbin/dtrace/tests/common/lexer \ cddl/usr.sbin/dtrace/tests/common/llquantize \ cddl/usr.sbin/dtrace/tests/common/mdb \ cddl/usr.sbin/dtrace/tests/common/mib \ cddl/usr.sbin/dtrace/tests/common/misc \ cddl/usr.sbin/dtrace/tests/common/multiaggs \ cddl/usr.sbin/dtrace/tests/common/nfs \ cddl/usr.sbin/dtrace/tests/common/offsetof \ cddl/usr.sbin/dtrace/tests/common/operators \ cddl/usr.sbin/dtrace/tests/common/pid \ cddl/usr.sbin/dtrace/tests/common/plockstat \ cddl/usr.sbin/dtrace/tests/common/pointers \ cddl/usr.sbin/dtrace/tests/common/pragma \ cddl/usr.sbin/dtrace/tests/common/predicates \ cddl/usr.sbin/dtrace/tests/common/preprocessor \ cddl/usr.sbin/dtrace/tests/common/print \ cddl/usr.sbin/dtrace/tests/common/printa \ cddl/usr.sbin/dtrace/tests/common/printf \ cddl/usr.sbin/dtrace/tests/common/privs \ cddl/usr.sbin/dtrace/tests/common/probes \ cddl/usr.sbin/dtrace/tests/common/proc \ cddl/usr.sbin/dtrace/tests/common/profile-n \ cddl/usr.sbin/dtrace/tests/common/providers \ cddl/usr.sbin/dtrace/tests/common/raise \ cddl/usr.sbin/dtrace/tests/common/rates \ cddl/usr.sbin/dtrace/tests/common/safety \ cddl/usr.sbin/dtrace/tests/common/scalars \ cddl/usr.sbin/dtrace/tests/common/sched \ cddl/usr.sbin/dtrace/tests/common/scripting \ cddl/usr.sbin/dtrace/tests/common/sdt \ cddl/usr.sbin/dtrace/tests/common/sizeof \ cddl/usr.sbin/dtrace/tests/common/speculation \ cddl/usr.sbin/dtrace/tests/common/stability \ cddl/usr.sbin/dtrace/tests/common/stack \ cddl/usr.sbin/dtrace/tests/common/stackdepth \ cddl/usr.sbin/dtrace/tests/common/stop \ cddl/usr.sbin/dtrace/tests/common/strlen \ cddl/usr.sbin/dtrace/tests/common/strtoll \ cddl/usr.sbin/dtrace/tests/common/struct \ cddl/usr.sbin/dtrace/tests/common/sugar \ cddl/usr.sbin/dtrace/tests/common/syscall \ cddl/usr.sbin/dtrace/tests/common/sysevent \ cddl/usr.sbin/dtrace/tests/common/tick-n \ cddl/usr.sbin/dtrace/tests/common/trace \ cddl/usr.sbin/dtrace/tests/common/tracemem \ cddl/usr.sbin/dtrace/tests/common/translators \ cddl/usr.sbin/dtrace/tests/common/typedef \ cddl/usr.sbin/dtrace/tests/common/types \ cddl/usr.sbin/dtrace/tests/common/uctf \ cddl/usr.sbin/dtrace/tests/common/union \ cddl/usr.sbin/dtrace/tests/common/usdt \ cddl/usr.sbin/dtrace/tests/common/ustack \ cddl/usr.sbin/dtrace/tests/common/vars \ cddl/usr.sbin/dtrace/tests/common/version \ cddl/usr.sbin/tests \ cddl/usr.sbin/zfsd/tests \ gnu/lib/tests \ gnu/tests \ gnu/usr.bin/diff/tests \ gnu/usr.bin/tests \ lib/atf/libatf-c++/tests \ lib/atf/libatf-c++/tests/detail \ lib/atf/libatf-c/tests \ lib/atf/libatf-c/tests/detail \ lib/atf/tests \ lib/atf/tests/test-programs \ lib/libarchive/tests \ lib/libc/tests \ lib/libc/tests/c063 \ lib/libc/tests/db \ lib/libc/tests/gen \ lib/libc/tests/gen/execve \ lib/libc/tests/gen/posix_spawn \ lib/libc/tests/hash \ lib/libc/tests/iconv \ lib/libc/tests/inet \ lib/libc/tests/locale \ lib/libc/tests/net \ lib/libc/tests/net/getaddrinfo \ lib/libc/tests/nss \ lib/libc/tests/regex \ lib/libc/tests/resolv \ lib/libc/tests/rpc \ lib/libc/tests/setjmp \ lib/libc/tests/ssp \ lib/libc/tests/stdio \ lib/libc/tests/stdlib \ lib/libc/tests/string \ lib/libc/tests/sys \ lib/libc/tests/termios \ lib/libc/tests/time \ lib/libc/tests/tls \ lib/libc/tests/ttyio \ lib/libcam/tests \ lib/libcasper/services/cap_dns/tests \ lib/libcasper/services/cap_grp/tests \ lib/libcasper/services/cap_pwd/tests \ lib/libcasper/services/cap_sysctl/tests \ lib/libcrypt/tests \ lib/libdevdctl/tests \ lib/libkvm/tests \ lib/libmp/tests \ lib/libnv/tests \ lib/libpathconv/tests \ lib/libproc/tests \ lib/librt/tests \ lib/libsbuf/tests \ lib/libthr/tests \ lib/libthr/tests/dlopen \ lib/libthr/tests/dlopen/dso \ lib/libthread_db/tests \ lib/libutil/tests \ lib/libxo/tests \ lib/msun/tests \ lib/tests \ libexec/atf/atf-check/tests \ libexec/atf/atf-sh/tests \ libexec/atf/tests \ libexec/rtld-elf/tests \ libexec/tests \ sbin/devd/tests \ sbin/dhclient/tests \ sbin/growfs/tests \ sbin/ifconfig/tests \ sbin/mdconfig/tests \ + sbin/pfctl/tests \ sbin/tests \ secure/lib/tests \ secure/libexec/tests \ secure/tests \ secure/usr.bin/tests \ secure/usr.sbin/tests \ share/examples/tests \ share/examples/tests/tests \ share/examples/tests/tests/atf \ share/examples/tests/tests/plain \ share/tests \ tests \ tests/etc \ tests/etc/rc.d \ tests/sys \ tests/sys/acl \ tests/sys/aio \ tests/sys/fifo \ tests/sys/file \ tests/sys/fs \ tests/sys/fs/tmpfs \ tests/sys/geom \ tests/sys/geom/class \ tests/sys/geom/class/concat \ tests/sys/geom/class/eli \ tests/sys/geom/class/gate \ tests/sys/geom/class/mirror \ tests/sys/geom/class/nop \ tests/sys/geom/class/raid3 \ tests/sys/geom/class/shsec \ tests/sys/geom/class/stripe \ tests/sys/geom/class/uzip \ tests/sys/kern \ tests/sys/kern/acct \ tests/sys/kern/execve \ tests/sys/kern/pipe \ tests/sys/kqueue \ tests/sys/kqueue/libkqueue \ tests/sys/mac \ tests/sys/mac/bsdextended \ tests/sys/mac/portacl \ tests/sys/mqueue \ tests/sys/netinet \ tests/sys/opencrypto \ tests/sys/pjdfstest/tests \ tests/sys/pjdfstest/tests/chflags \ tests/sys/pjdfstest/tests/chmod \ tests/sys/pjdfstest/tests/chown \ tests/sys/pjdfstest/tests/ftruncate \ tests/sys/pjdfstest/tests/granular \ tests/sys/pjdfstest/tests/link \ tests/sys/pjdfstest/tests/mkdir \ tests/sys/pjdfstest/tests/mkfifo \ tests/sys/pjdfstest/tests/mknod \ tests/sys/pjdfstest/tests/open \ tests/sys/pjdfstest/tests/rename \ tests/sys/pjdfstest/tests/rmdir \ tests/sys/pjdfstest/tests/symlink \ tests/sys/pjdfstest/tests/truncate \ tests/sys/pjdfstest/tests/unlink \ tests/sys/posixshm \ tests/sys/sys \ tests/sys/vfs \ tests/sys/vm \ usr.bin/apply/tests \ usr.bin/basename/tests \ usr.bin/bmake/tests \ usr.bin/bmake/tests/archives \ usr.bin/bmake/tests/archives/fmt_44bsd \ usr.bin/bmake/tests/archives/fmt_44bsd_mod \ usr.bin/bmake/tests/archives/fmt_oldbsd \ usr.bin/bmake/tests/basic \ usr.bin/bmake/tests/basic/t0 \ usr.bin/bmake/tests/basic/t1 \ usr.bin/bmake/tests/basic/t2 \ usr.bin/bmake/tests/basic/t3 \ usr.bin/bmake/tests/execution \ usr.bin/bmake/tests/execution/ellipsis \ usr.bin/bmake/tests/execution/empty \ usr.bin/bmake/tests/execution/joberr \ usr.bin/bmake/tests/execution/plus \ usr.bin/bmake/tests/shell \ usr.bin/bmake/tests/shell/builtin \ usr.bin/bmake/tests/shell/meta \ usr.bin/bmake/tests/shell/path \ usr.bin/bmake/tests/shell/path_select \ usr.bin/bmake/tests/shell/replace \ usr.bin/bmake/tests/shell/select \ usr.bin/bmake/tests/suffixes \ usr.bin/bmake/tests/suffixes/basic \ usr.bin/bmake/tests/suffixes/src_wild1 \ usr.bin/bmake/tests/suffixes/src_wild2 \ usr.bin/bmake/tests/syntax \ usr.bin/bmake/tests/syntax/directive-t0 \ usr.bin/bmake/tests/syntax/enl \ usr.bin/bmake/tests/syntax/funny-targets \ usr.bin/bmake/tests/syntax/semi \ usr.bin/bmake/tests/sysmk \ usr.bin/bmake/tests/sysmk/t0 \ usr.bin/bmake/tests/sysmk/t0/2 \ usr.bin/bmake/tests/sysmk/t0/2/1 \ usr.bin/bmake/tests/sysmk/t0/mk \ usr.bin/bmake/tests/sysmk/t1 \ usr.bin/bmake/tests/sysmk/t1/2 \ usr.bin/bmake/tests/sysmk/t1/2/1 \ usr.bin/bmake/tests/sysmk/t1/mk \ usr.bin/bmake/tests/sysmk/t2 \ usr.bin/bmake/tests/sysmk/t2/2 \ usr.bin/bmake/tests/sysmk/t2/2/1 \ usr.bin/bmake/tests/sysmk/t2/mk \ usr.bin/bmake/tests/variables \ usr.bin/bmake/tests/variables/modifier_M \ usr.bin/bmake/tests/variables/modifier_t \ usr.bin/bmake/tests/variables/opt_V \ usr.bin/bmake/tests/variables/t0 \ usr.bin/bsdcat/tests \ usr.bin/calendar/tests \ usr.bin/cmp/tests \ usr.bin/col/tests \ usr.bin/comm/tests \ usr.bin/cpio/tests \ usr.bin/cut/tests \ usr.bin/diff/tests \ usr.bin/dirname/tests \ usr.bin/file2c/tests \ usr.bin/grep/tests \ usr.bin/gzip/tests \ usr.bin/ident/tests \ usr.bin/indent/tests \ usr.bin/join/tests \ usr.bin/jot/tests \ usr.bin/lastcomm/tests \ usr.bin/limits/tests \ usr.bin/m4/tests \ usr.bin/mkimg/tests \ usr.bin/ncal/tests \ usr.bin/pr/tests \ usr.bin/printf/tests \ usr.bin/sdiff/tests \ usr.bin/sed/tests \ usr.bin/sed/tests/regress.multitest.out \ usr.bin/soelim/tests \ usr.bin/tail/tests \ usr.bin/tar/tests \ usr.bin/tests \ usr.bin/timeout/tests \ usr.bin/tr/tests \ usr.bin/truncate/tests \ usr.bin/uniq/tests \ usr.bin/units/tests \ usr.bin/uudecode/tests \ usr.bin/uuencode/tests \ usr.bin/xargs/tests \ usr.bin/xinstall/tests \ usr.bin/xo/tests \ usr.bin/yacc/tests \ usr.sbin/chown/tests \ usr.sbin/etcupdate/tests \ usr.sbin/extattr/tests \ usr.sbin/fstyp/tests \ usr.sbin/makefs/tests \ usr.sbin/newsyslog/tests \ usr.sbin/nmtree/tests \ usr.sbin/pw/tests \ usr.sbin/rpcbind/tests \ usr.sbin/sa/tests \ usr.sbin/tests \ # Remove some known to be broken DIRDEPS:= ${DIRDEPS:Ncddl/usr.sbin/dtrace/tests/common/nfs} DIRDEPS:= ${DIRDEPS:Ncddl/usr.sbin/dtrace/tests/common/sysevent} DIRDEPS:= ${DIRDEPS:Ncddl/usr.sbin/dtrace/tests/common/docsExamples} DIRDEPS:= ${DIRDEPS:Ncddl/usr.sbin/zfsd/tests} DIRDEPS:= ${DIRDEPS:Nlib/libc/tests/net/getaddrinfo} .include