**sudo pfctl -vnf /etc/pf.conf**Password:pfctl: Use of -f option, could result

1. **sudo pfctl -vnf /etc/pf.conf**
2. Password:
3. pfctl: Use of -f option, could result in flushing of rules
4. present in the main ruleset added by the system at startup.
5. See /etc/pf.conf for further details.
6.  
7. scrub-anchor "/*" all fragment reassemble
8. nat-anchor "/*" all
9. rdr-anchor "/*" all
10. anchor "/*" all
11. anchor "/*" all
12. dummynet-anchor "/*" all
13.  
14. Loading anchor com.apple from /etc/pf.anchors/com.apple
15. anchor "/*" all
16. anchor "/*" all
17. anchor "/*" all
18.  
19. Loading anchor com.apple.server-firewall from /etc/pf.anchors/com.apple.server-firewall
20. anchor "base" all
21. anchor "custom-firewall" all
22.  
23. Loading anchor com.apple/400.AdaptiveFirewall from /Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall
24. table <blockedHosts> persist file "/var/db/af/blockedHosts"
25. block drop in quick from <blockedHosts> to any
26.  
27. Loading anchor com.apple.server-firewall/base from /Library/Server/Firewall/Anchors/default_anchor.txt
28. block drop in all
29. pass in quick proto udp from any port = 67 to any port = 68 keep state
30. pass out all flags any keep state
31.  
32. Loading anchor com.apple.server-firewall/custom-firewall from /Library/Server/Firewall/Anchors/custom_anchor.txt
33. pass in inet from 10.0.0.0/8 to any no state
34. pass in inet from 192.168.0.0/16 to any no state
35. pass in inet from 169.254.0.0/16 to any no state
36. pass in inet from 127.0.0.1 to any no state
37. pass in inet from 172.16.0.0/12 to any no state
38. pass in inet6 from fc00::/7 to any no state
39. pass in inet6 from ::1 to any no state
40. block drop in proto udp from any to any port = 1701
41. block drop in proto udp from any to any port = 500
42. block drop in proto udp from any to any port = 4500
43. pass in inet proto tcp from 10.0.0.0/8 to any port = 22 no state
44. pass in inet proto tcp from 192.168.0.0/16 to any port = 22 no state
45. pass in inet proto tcp from 169.254.0.0/16 to any port = 22 no state
46. pass in inet proto tcp from 127.0.0.1 to any port = 22 no state
47. pass in inet proto tcp from 172.16.0.0/12 to any port = 22 no state
48. pass in inet proto tcp from 10.0.0.0/8 to any port = 443 no state
49. pass in inet proto tcp from 192.168.0.0/16 to any port = 443 no state
50. pass in inet proto tcp from 169.254.0.0/16 to any port = 443 no state
51. pass in inet proto tcp from 127.0.0.1 to any port = 443 no state
52. pass in inet proto tcp from 172.16.0.0/12 to any port = 443 no state
53. pass in inet proto tcp from 10.0.0.0/8 to any port = 80 no state
54. pass in inet proto tcp from 192.168.0.0/16 to any port = 80 no state
55. pass in inet proto tcp from 169.254.0.0/16 to any port = 80 no state
56. pass in inet proto tcp from 127.0.0.1 to any port = 80 no state
57. pass in inet proto tcp from 172.16.0.0/12 to any port = 80 no state
58. pass in inet6 proto tcp from fc00::/7 to any port = 22 no state
59. pass in inet6 proto tcp from fc00::/7 to any port = 443 no state
60. pass in inet6 proto tcp from fc00::/7 to any port = 80 no state
61. pass in inet6 proto tcp from ::1 to any port = 22 no state
62. pass in inet6 proto tcp from ::1 to any port = 443 no state
63. pass in inet6 proto tcp from ::1 to any port = 80 no state
64. pass in inet proto udp from any to any port = 1701 no state
65. pass in inet proto udp from any to any port = 500 no state
66. pass in inet proto udp from any to any port = 4500 no state
67. pass in inet6 proto udp from any to any port = 1701 no state
68. pass in inet6 proto udp from any to any port = 500 no state
69. pass in inet6 proto udp from any to any port = 4500 no state