Untitled

a guest
Jan 17th, 2017
  1. pfctl -sa
  2. TRANSLATION RULES:
  3. no nat proto carp all
  4. nat-anchor "natearly/*" all
  5. nat-anchor "natrules/*" all
  6. nat on lagg0_vlan2000 inet from <tonatsubnets> to any port = isakmp -> 192.168.0.10 static-port
  7. nat on lagg0_vlan2000 inet from <tonatsubnets> to any -> 192.168.0.10 port 1024:65535
  8. no rdr proto carp all
  9. rdr-anchor "relayd/*" all
  10. rdr-anchor "tftp-proxy/*" all
  11. rdr-anchor "miniupnpd" all
  12.  
  13. FILTER RULES:
  14. scrub on lagg0_vlan2000 all fragment reassemble
  15. scrub on lagg0_vlan1007 all fragment reassemble
  16. scrub on lagg0_vlan2010 all fragment reassemble
  17. scrub on lagg0_vlan1005 all fragment reassemble
  18. scrub on lagg0_vlan1008 all fragment reassemble
  19. scrub on lagg0_vlan1006 all fragment reassemble
  20. anchor "relayd/*" all
  21. anchor "openvpn/*" all
  22. anchor "ipsec/*" all
  23. block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
  24. block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
  25. block drop in log inet all label "Default deny rule IPv4"
  26. block drop out log inet all label "Default deny rule IPv4"
  27. block drop in log inet6 all label "Default deny rule IPv6"
  28. block drop out log inet6 all label "Default deny rule IPv6"
  29. pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
  30. pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
  31. pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
  32. pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
  33. pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
  34. pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
  35. pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
  36. pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
  37. pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
  38. pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
  39. pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
  40. pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
  41. pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
  42. pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
  43. pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
  44. pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
  45. pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
  46. pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
  47. pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
  48. pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
  49. pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
  50. pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
  51. pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
  52. pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
  53. pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
  54. pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
  55. pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
  56. pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
  57. pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
  58. block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
  59. block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
  60. block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
  61. block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
  62. block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
  63. block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
  64. block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
  65. block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
  66. block drop log quick from <snort2c> to any label "Block snort2c hosts"
  67. block drop log quick from any to <snort2c> label "Block snort2c hosts"
  68. block drop in log quick proto carp from (self) to any
  69. pass quick proto carp all no state
  70. block drop in log quick proto tcp from <sshlockout> to (self) port = rsh-spx label "sshlockout"
  71. block drop in log quick proto tcp from <webConfiguratorlockout> to (self) port = https label "webConfiguratorlockout"
  72. block drop in log quick from <virusprot> to any label "virusprot overload table"
  73. block drop in log quick on lagg0_vlan2000 from <bogons> to any label "block bogon IPv4 networks from WAN"
  74. block drop in log quick on lagg0_vlan2000 from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
  75. block drop in log on ! lagg0_vlan2000 inet from 192.168.0.0/24 to any
  76. block drop in log inet from 192.168.0.10 to any
  77. block drop in log inet from 192.168.0.12 to any
  78. block drop in log on lagg0_vlan2000 inet6 from fe80::ec4:7aff:feac:9c73 to any
  79. block drop in log on ! lagg0_vlan1007 inet from 10.10.7.0/24 to any
  80. block drop in log inet from 10.10.7.10 to any
  81. block drop in log on lagg0_vlan1007 inet6 from fe80::ec4:7aff:feac:9c73 to any
  82. block drop in log on ! lagg0_vlan2010 inet from 172.19.0.0/20 to any
  83. block drop in log inet from 172.19.3.10 to any
  84. block drop in log inet from 172.19.3.12 to any
  85. block drop in log on lagg0_vlan2010 inet6 from fe80::ec4:7aff:feac:9c73 to any
  86. block drop in log on ! lagg0_vlan1008 inet from 10.10.8.0/24 to any
  87. block drop in log inet from 10.10.8.10 to any
  88. block drop in log inet from 10.10.8.12 to any
  89. block drop in log on lagg0_vlan1008 inet6 from fe80::ec4:7aff:feac:9c73 to any
  90. pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  91. pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
  92. pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  93. pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
  94. pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
  95. pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
  96. pass out route-to (lagg0_vlan2000 192.168.0.5) inet from 192.168.0.10 to ! 192.168.0.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
  97. pass out route-to (lagg0_vlan2000 192.168.0.5) inet from 192.168.0.12 to ! 192.168.0.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
  98. pass in quick on lagg0_vlan1007 proto tcp from any to (lagg0_vlan1007) port = https flags S/SA keep state label "anti-lockout rule"
  99. pass in quick on lagg0_vlan1007 proto tcp from any to (lagg0_vlan1007) port = http flags S/SA keep state label "anti-lockout rule"
  100. pass in quick on lagg0_vlan1007 proto tcp from any to (lagg0_vlan1007) port = rsh-spx flags S/SA keep state label "anti-lockout rule"
  101. anchor "userrules/*" all
  102. pass out quick on lagg0_vlan2000 inet from <BACKUP_SERVERS> to any flags S/SA keep state allow-opts label "USER_RULE: TEST ROUTING"
  103. pass in quick on openvpn inet all flags S/SA keep state label "USER_RULE: TEMP"
  104. pass in quick on openvpn inet from any to (self) flags S/SA keep state label "USER_RULE: TEMP"
  105. pass in quick on lagg0_vlan2000 reply-to (lagg0_vlan2000 192.168.0.5) inet proto tcp from any to (self) port = https flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
  106. pass in quick on lagg0_vlan2000 reply-to (lagg0_vlan2000 192.168.0.5) inet proto tcp from <ITOP_PUBLIC_IP> to (self) port = rsh-spx flags S/SA keep state label "USER_RULE"
  107. pass in quick on lagg0_vlan2000 reply-to (lagg0_vlan2000 192.168.0.5) inet proto tcp from <ITOP_PUBLIC_IP> to (self) port = https flags S/SA keep state label "USER_RULE"
  108. pass in quick on lagg0_vlan2000 reply-to (lagg0_vlan2000 192.168.0.5) inet proto tcp from any to (self) port = rsh-spx flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
  109. pass in quick on lagg0_vlan1007 inet proto carp from any to (self) keep state label "USER_RULE: CARP ALLOWED"
  110. pass in quick on lagg0_vlan1007 inet proto pfsync from any to (self) keep state label "USER_RULE: PFSYNC ALLOWED"
  111. pass in quick on lagg0_vlan2010 inet proto tcp from any to (self) port = http flags S/SA keep state label "USER_RULE: WEB INTERFACE"
  112. pass in quick on lagg0_vlan2010 inet proto tcp from any to (self) port = https flags S/SA keep state label "USER_RULE: WEB INTERFACE"
  113. pass in quick on lagg0_vlan2010 inet proto tcp from any to (self) port = rsh-spx flags S/SA keep state label "USER_RULE: SSH"
  114. pass in quick on lagg0_vlan2010 inet proto icmp from any to (self) keep state label "USER_RULE"
  115. pass in quick on lagg0_vlan2010 inet from any to <HQ_LANS> flags S/SA keep state label "USER_RULE: oldlan2hqlans"
  116. block drop in quick on lagg0_vlan2010 inet from any to <LANs_RFC1918> label "USER_RULE: LAST RULE-1"
  117. pass in quick on lagg0_vlan1008 route-to (lagg0_vlan2000 192.168.0.1) inet from <BACKUP_SERVERS> to any flags S/SA keep state allow-opts label "USER_RULE: TEST ROUTING"
  118. pass in quick on lagg0_vlan1008 route-to (lagg0_vlan2000 192.168.0.1) inet proto tcp from <BACKUP_SERVERS> to any flags any keep state allow-opts label "USER_RULE: TEST ROUTING"
  119. pass in quick on lagg0_vlan1008 inet all flags S/SA keep state label "USER_RULE: TEMP"
  120. pass in quick on lagg0_vlan1008 inet proto tcp from any to (self) port = http flags S/SA keep state label "USER_RULE"
  121. pass in quick on lagg0_vlan1008 inet proto tcp from any to (self) port = https flags S/SA keep state label "USER_RULE"
  122. pass in quick on lagg0_vlan1008 inet proto tcp from any to (self) port = domain flags S/SA keep state label "USER_RULE"
  123. pass in quick on lagg0_vlan1008 inet proto udp from any to (self) port = domain keep state label "USER_RULE"
  124. pass in quick on lagg0_vlan1008 inet proto icmp from any to (self) keep state label "USER_RULE: Ping Allowed"
  125. pass in quick on lagg0_vlan1008 inet from <SUBNET_SERVERS> to any flags S/SA keep state label "USER_RULE: servers2all"
  126. block drop in quick on lagg0_vlan1008 inet from any to <LANs_RFC1918> label "USER_RULE: LAST RULE-1"
  127. pass in quick on lagg0_vlan1008 inet all flags S/SA keep state label "USER_RULE: LAST RULE, FULL NET ACCESS"
  128. pass quick on lagg0_vlan1008 inet proto tcp from 10.10.8.0/24 to 10.0.0.0/8 flags any keep state (sloppy) label "pass traffic between statically routed subnets"
  129. pass quick on lagg0_vlan1008 inet from 10.10.8.0/24 to 10.0.0.0/8 flags S/SA keep state (sloppy) label "pass traffic between statically routed subnets"
  130. pass quick on lagg0_vlan1008 inet proto tcp from 10.0.0.0/8 to 10.10.8.0/24 flags any keep state (sloppy) label "pass traffic between statically routed subnets"
  131. pass quick on lagg0_vlan1008 inet from 10.0.0.0/8 to 10.10.8.0/24 flags S/SA keep state (sloppy) label "pass traffic between statically routed subnets"
  132. anchor "tftp-proxy/*" all
  133. No queue in use
  134.  
  135. STATES:
  136. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:49682 CLOSED:SYN_SENT
  137. lagg0_vlan2000 tcp 192.168.0.10:45483 (10.10.3.30:49682) -> 8.8.8.8:80 SYN_SENT:CLOSED
  138. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:33817 CLOSED:SYN_SENT
  139. lagg0_vlan2000 tcp 192.168.0.10:34163 (10.10.3.30:33817) -> 8.8.8.8:80 SYN_SENT:CLOSED
  140. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:42768 CLOSED:SYN_SENT
  141. lagg0_vlan2000 tcp 192.168.0.10:36604 (10.10.3.30:42768) -> 8.8.8.8:80 SYN_SENT:CLOSED
  142. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:32853 CLOSED:SYN_SENT
  143. lagg0_vlan2000 tcp 192.168.0.10:30371 (10.10.3.30:32853) -> 8.8.8.8:80 SYN_SENT:CLOSED
  144. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:40778 CLOSED:SYN_SENT
  145. lagg0_vlan2000 tcp 192.168.0.10:23727 (10.10.3.30:40778) -> 8.8.8.8:80 SYN_SENT:CLOSED
  146. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:53099 CLOSED:SYN_SENT
  147. lagg0_vlan2000 tcp 192.168.0.10:34174 (10.10.3.30:53099) -> 8.8.8.8:80 SYN_SENT:CLOSED
  148. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:56118 CLOSED:SYN_SENT
  149. lagg0_vlan2000 tcp 192.168.0.10:33146 (10.10.3.30:56118) -> 8.8.8.8:80 SYN_SENT:CLOSED
  150. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:55475 CLOSED:SYN_SENT
  151. lagg0_vlan2000 tcp 192.168.0.10:3541 (10.10.3.30:55475) -> 8.8.8.8:80 SYN_SENT:CLOSED
  152. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:55644 CLOSED:SYN_SENT
  153. lagg0_vlan2000 tcp 192.168.0.10:52608 (10.10.3.30:55644) -> 8.8.8.8:80 SYN_SENT:CLOSED
  154. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:44473 CLOSED:SYN_SENT
  155. lagg0_vlan2000 tcp 192.168.0.10:2663 (10.10.3.30:44473) -> 8.8.8.8:80 SYN_SENT:CLOSED
  156. lagg0_vlan1008 tcp 10.10.8.12:443 <- 172.19.11.2:52890 FIN_WAIT_2:FIN_WAIT_2
  157. lagg0_vlan1008 udp 194.221.66.114:53 <- 10.10.3.50:31315 SINGLE:MULTIPLE
  158. lagg0_vlan2000 udp 192.168.0.10:59538 (10.10.3.50:31315) -> 194.221.66.114:53 MULTIPLE:SINGLE
  159. lagg0_vlan1007 pfsync 10.10.7.10 -> 10.10.7.11 MULTIPLE:MULTIPLE
  160. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:54426 CLOSED:SYN_SENT
  161. lagg0_vlan2000 tcp 192.168.0.10:22675 (10.10.3.30:54426) -> 8.8.8.8:80 SYN_SENT:CLOSED
  162. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:52815 CLOSED:SYN_SENT
  163. lagg0_vlan2000 tcp 192.168.0.10:55394 (10.10.3.30:52815) -> 8.8.8.8:80 SYN_SENT:CLOSED
  164. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:33199 CLOSED:SYN_SENT
  165. lagg0_vlan2000 tcp 192.168.0.10:50074 (10.10.3.30:33199) -> 8.8.8.8:80 SYN_SENT:CLOSED
  166. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:48268 CLOSED:SYN_SENT
  167. lagg0_vlan2000 tcp 192.168.0.10:62666 (10.10.3.30:48268) -> 8.8.8.8:80 SYN_SENT:CLOSED
  168. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:51822 CLOSED:SYN_SENT
  169. lagg0_vlan2000 tcp 192.168.0.10:20998 (10.10.3.30:51822) -> 8.8.8.8:80 SYN_SENT:CLOSED
  170. lagg0_vlan1008 udp 193.108.88.0:53 <- 10.10.3.50:17702 SINGLE:MULTIPLE
  171. lagg0_vlan2000 udp 192.168.0.10:15262 (10.10.3.50:17702) -> 193.108.88.0:53 MULTIPLE:SINGLE
  172. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:35545 CLOSED:SYN_SENT
  173. lagg0_vlan2000 tcp 192.168.0.10:44257 (10.10.3.30:35545) -> 8.8.8.8:80 SYN_SENT:CLOSED
  174. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:58439 CLOSED:SYN_SENT
  175. lagg0_vlan2000 tcp 192.168.0.10:55507 (10.10.3.30:58439) -> 8.8.8.8:80 SYN_SENT:CLOSED
  176. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:51542 CLOSED:SYN_SENT
  177. lagg0_vlan2000 tcp 192.168.0.10:47390 (10.10.3.30:51542) -> 8.8.8.8:80 SYN_SENT:CLOSED
  178. lagg0_vlan1008 tcp 23.218.167.129:443 <- 10.10.3.20:60914 TIME_WAIT:TIME_WAIT
  179. lagg0_vlan2000 tcp 192.168.0.10:33721 (10.10.3.20:60914) -> 23.218.167.129:443 TIME_WAIT:TIME_WAIT
  180. lagg0_vlan1008 tcp 10.10.8.10:443 <- 10.10.3.51:34972 FIN_WAIT_2:FIN_WAIT_2
  181. lagg0_vlan1008 tcp 10.10.8.10:222 <- 10.10.3.51:60678 TIME_WAIT:TIME_WAIT
  182. lo0 udp ::1[39005] -> ::1[123] MULTIPLE:SINGLE
  183. lagg0_vlan1008 icmp 10.10.8.10:20774 -> 10.10.8.1:20774 0:0
  184. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:55922 CLOSED:SYN_SENT
  185. lagg0_vlan2000 tcp 192.168.0.10:54324 (10.10.3.30:55922) -> 8.8.8.8:80 SYN_SENT:CLOSED
  186. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:34555 CLOSED:SYN_SENT
  187. lagg0_vlan2000 tcp 192.168.0.10:30244 (10.10.3.30:34555) -> 8.8.8.8:80 SYN_SENT:CLOSED
  188. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:53168 CLOSED:SYN_SENT
  189. lagg0_vlan2000 tcp 192.168.0.10:35399 (10.10.3.30:53168) -> 8.8.8.8:80 SYN_SENT:CLOSED
  190. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:37774 CLOSED:SYN_SENT
  191. lagg0_vlan2000 tcp 192.168.0.10:59643 (10.10.3.30:37774) -> 8.8.8.8:80 SYN_SENT:CLOSED
  192. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:47903 CLOSED:SYN_SENT
  193. lagg0_vlan2000 tcp 192.168.0.10:43195 (10.10.3.30:47903) -> 8.8.8.8:80 SYN_SENT:CLOSED
  194. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:58843 CLOSED:SYN_SENT
  195. lagg0_vlan2000 tcp 192.168.0.10:40712 (10.10.3.30:58843) -> 8.8.8.8:80 SYN_SENT:CLOSED
  196. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:40252 CLOSED:SYN_SENT
  197. lagg0_vlan2000 tcp 192.168.0.10:37455 (10.10.3.30:40252) -> 8.8.8.8:80 SYN_SENT:CLOSED
  198. lagg0_vlan1008 tcp 10.10.8.12:443 <- 172.19.11.2:52891 FIN_WAIT_2:FIN_WAIT_2
  199. lagg0_vlan1008 udp 10.10.8.12:53 <- 10.10.3.10:51154 SINGLE:MULTIPLE
  200. lagg0_vlan1008 tcp 23.218.167.129:443 <- 10.10.3.20:60917 TIME_WAIT:TIME_WAIT
  201. lagg0_vlan2000 tcp 192.168.0.10:18458 (10.10.3.20:60917) -> 23.218.167.129:443 TIME_WAIT:TIME_WAIT
  202. lagg0_vlan2000 icmp 192.168.0.11:4090 -> 192.168.0.1:4090 0:0
  203. lagg0_vlan2000 icmp 192.168.0.11:4402 -> 192.168.0.5:4402 0:0
  204. lagg0_vlan1008 tcp 10.10.8.11:443 <- 10.10.3.51:36452 TIME_WAIT:TIME_WAIT
  205. lo0 udp ::1[123] <- ::1[39005] SINGLE:MULTIPLE
  206. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:56125 CLOSED:SYN_SENT
  207. lagg0_vlan2000 tcp 192.168.0.10:44063 (10.10.3.30:56125) -> 8.8.8.8:80 SYN_SENT:CLOSED
  208. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:54530 CLOSED:SYN_SENT
  209. lagg0_vlan2000 tcp 192.168.0.10:12366 (10.10.3.30:54530) -> 8.8.8.8:80 SYN_SENT:CLOSED
  210. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:37219 CLOSED:SYN_SENT
  211. lagg0_vlan2000 tcp 192.168.0.10:28616 (10.10.3.30:37219) -> 8.8.8.8:80 SYN_SENT:CLOSED
  212. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:54748 CLOSED:SYN_SENT
  213. lagg0_vlan2000 tcp 192.168.0.10:53855 (10.10.3.30:54748) -> 8.8.8.8:80 SYN_SENT:CLOSED
  214. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:38435 CLOSED:SYN_SENT
  215. lagg0_vlan2000 tcp 192.168.0.10:18786 (10.10.3.30:38435) -> 8.8.8.8:80 SYN_SENT:CLOSED
  216. lagg0_vlan1008 udp 10.10.8.12:53 <- 10.10.3.51:60602 SINGLE:MULTIPLE
  217. lo0 udp ::1[123] <- ::1[29028] SINGLE:MULTIPLE
  218. lagg0_vlan2000 udp 192.168.0.11:49892 (172.19.3.12:123) -> 51.255.138.215:123 MULTIPLE:SINGLE
  219. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:51668 CLOSED:SYN_SENT
  220. lagg0_vlan2000 tcp 192.168.0.10:15112 (10.10.3.30:51668) -> 8.8.8.8:80 SYN_SENT:CLOSED
  221. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:41059 CLOSED:SYN_SENT
  222. lagg0_vlan2000 tcp 192.168.0.10:8825 (10.10.3.30:41059) -> 8.8.8.8:80 SYN_SENT:CLOSED
  223. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:34742 CLOSED:SYN_SENT
  224. lagg0_vlan2000 tcp 192.168.0.10:6888 (10.10.3.30:34742) -> 8.8.8.8:80 SYN_SENT:CLOSED
  225. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:47055 CLOSED:SYN_SENT
  226. lagg0_vlan2000 tcp 192.168.0.10:49239 (10.10.3.30:47055) -> 8.8.8.8:80 SYN_SENT:CLOSED
  227. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:44098 CLOSED:SYN_SENT
  228. lagg0_vlan2000 tcp 192.168.0.10:28439 (10.10.3.30:44098) -> 8.8.8.8:80 SYN_SENT:CLOSED
  229. lagg0_vlan2010 ipv6-icmp ff02::1:ffa4:453b <- fe80::2d30:b10:9a79:5a25 NO_TRAFFIC:NO_TRAFFIC
  230. lagg0_vlan1008 udp 10.10.8.12:53 <- 10.10.3.10:46168 SINGLE:MULTIPLE
  231. lagg0_vlan1008 tcp 10.10.8.10:222 <- 172.19.11.2:41878 ESTABLISHED:ESTABLISHED
  232. lagg0_vlan1008 icmp 10.10.8.11:3893 -> 10.10.8.1:3893 0:0
  233. lagg0_vlan2000 icmp 192.168.0.10:21101 -> 192.168.0.1:21101 0:0
  234. lagg0_vlan2000 icmp 192.168.0.10:21565 -> 192.168.0.5:21565 0:0
  235. lagg0_vlan1008 tcp 10.10.8.12:443 <- 172.19.11.2:52877 ESTABLISHED:ESTABLISHED
  236. lagg0_vlan1008 tcp 10.10.8.12:443 <- 172.19.11.2:52880 ESTABLISHED:ESTABLISHED
  237. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:44635 CLOSED:SYN_SENT
  238. lagg0_vlan2000 tcp 192.168.0.10:56500 (10.10.3.30:44635) -> 8.8.8.8:80 SYN_SENT:CLOSED
  239. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:45326 CLOSED:SYN_SENT
  240. lagg0_vlan2000 tcp 192.168.0.10:42705 (10.10.3.30:45326) -> 8.8.8.8:80 SYN_SENT:CLOSED
  241. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:57117 CLOSED:SYN_SENT
  242. lagg0_vlan2000 tcp 192.168.0.10:4120 (10.10.3.30:57117) -> 8.8.8.8:80 SYN_SENT:CLOSED
  243. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:52932 CLOSED:SYN_SENT
  244. lagg0_vlan2000 tcp 192.168.0.10:51637 (10.10.3.30:52932) -> 8.8.8.8:80 SYN_SENT:CLOSED
  245. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:53039 CLOSED:SYN_SENT
  246. lagg0_vlan2000 tcp 192.168.0.10:18188 (10.10.3.30:53039) -> 8.8.8.8:80 SYN_SENT:CLOSED
  247. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:46771 CLOSED:SYN_SENT
  248. lagg0_vlan2000 tcp 192.168.0.10:13525 (10.10.3.30:46771) -> 8.8.8.8:80 SYN_SENT:CLOSED
  249. lo0 udp ::1[29028] -> ::1[123] MULTIPLE:SINGLE
  250. lagg0_vlan2010 ipv6-icmp ff02::1:ff79:5a25 <- fe80::816a:38e0:98a4:453b NO_TRAFFIC:NO_TRAFFIC
  251. lagg0_vlan2000 tcp 192.168.0.12:12954 -> 91.183.38.102:1194 ESTABLISHED:ESTABLISHED
  252. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:54296 CLOSED:SYN_SENT
  253. lagg0_vlan2000 tcp 192.168.0.10:16891 (10.10.3.30:54296) -> 8.8.8.8:80 SYN_SENT:CLOSED
  254. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:60997 CLOSED:SYN_SENT
  255. lagg0_vlan2000 tcp 192.168.0.10:28929 (10.10.3.30:60997) -> 8.8.8.8:80 SYN_SENT:CLOSED
  256. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:42645 CLOSED:SYN_SENT
  257. lagg0_vlan2000 tcp 192.168.0.10:56964 (10.10.3.30:42645) -> 8.8.8.8:80 SYN_SENT:CLOSED
  258. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:43942 CLOSED:SYN_SENT
  259. lagg0_vlan2000 tcp 192.168.0.10:40233 (10.10.3.30:43942) -> 8.8.8.8:80 SYN_SENT:CLOSED
  260. lagg0_vlan1008 tcp 8.8.8.8:80 <- 10.10.3.30:58766 CLOSED:SYN_SENT
  261. lagg0_vlan2000 tcp 192.168.0.10:3349 (10.10.3.30:58766) -> 8.8.8.8:80 SYN_SENT:CLOSED
  262. lagg0_vlan1008 tcp 10.10.8.12:443 <- 172.19.11.2:52889 FIN_WAIT_2:FIN_WAIT_2
  263.  
  264. INFO:
  265. Status: Enabled for 43 days 01:43:13 Debug: Urgent
  266.  
  267. Interface Stats for lagg0_vlan1007 IPv4 IPv6
  268. Bytes In 1491371988 0
  269. Bytes Out 1069517599 0
  270. Packets In
  271. Passed 3655037 0
  272. Blocked 0 0
  273. Packets Out
  274. Passed 1321008 0
  275. Blocked 0 0
  276.  
  277. State Table Total Rate
  278. current entries 127
  279. searches 132477290 35.6/s
  280. inserts 2007639 0.5/s
  281. removals 2007512 0.5/s
  282. Counters
  283. match 33033863 8.9/s
  284. bad-offset 0 0.0/s
  285. fragment 1 0.0/s
  286. short 0 0.0/s
  287. normalize 0 0.0/s
  288. memory 0 0.0/s
  289. bad-timestamp 0 0.0/s
  290. congestion 0 0.0/s
  291. ip-option 38 0.0/s
  292. proto-cksum 0 0.0/s
  293. state-mismatch 14 0.0/s
  294. state-insert 12 0.0/s
  295. state-limit 0 0.0/s
  296. src-limit 0 0.0/s
  297. synproxy 0 0.0/s
  298. divert 0 0.0/s
  299.  
  300. LABEL COUNTERS:
  301. Block IPv4 link-local 33026423 10120 1546658 10120 1546658 0 0 0
  302. Block IPv4 link-local 17205429 0 0 0 0 0 0 0
  303. Default deny rule IPv4 17205030 9101051 1329748849 9101051 1329748849 0 0 0
  304. Default deny rule IPv4 29196135 180 40657 0 0 180 40657 0
  305. Default deny rule IPv6 33016960 3654441 494708470 3654441 494708470 0 0 0
  306. Default deny rule IPv6 15814255 0 0 0 0 0 0 0
  307. Block traffic from port 0 32907506 0 0 0 0 0 0 0
  308. Block traffic from port 0 32907298 0 0 0 0 0 0 0
  309. Block traffic to port 0 29136182 0 0 0 0 0 0 0
  310. Block traffic to port 0 29136080 0 0 0 0 0 0 0
  311. Block traffic from port 0 32908210 0 0 0 0 0 0 0
  312. Block traffic from port 0 32906806 0 0 0 0 0 0 0
  313. Block traffic to port 0 3774376 0 0 0 0 0 0 0
  314. Block traffic to port 0 3774376 0 0 0 0 0 0 0
  315. Block snort2c hosts 32907056 0 0 0 0 0 0 0
  316. Block snort2c hosts 32905221 0 0 0 0 0 0 0
  317. sshlockout 21772216 0 0 0 0 0 0 0
  318. webConfiguratorlockout 322127 0 0 0 0 0 0 0
  319. virusprot overload table 20915021 0 0 0 0 0 0 0
  320. block bogon IPv4 networks from WAN 20913611 0 0 0 0 0 0 0
  321. block bogon IPv6 networks from WAN 20912476 0 0 0 0 0 0 0
  322. pass IPv4 loopback 20873874 2566 267272 1283 82552 1283 184720 0
  323. pass IPv4 loopback 856601 0 0 0 0 0 0 0
  324. pass IPv6 loopback 123410 120844 30931540 60422 3625320 60422 27306220 2
  325. pass IPv6 loopback 122127 0 0 0 0 0 0 0
  326. let out anything IPv4 from firewall host itself 21666925 8009569 3588013633 4190650 2965522869 3818919 622490764 0
  327. let out anything IPv6 from firewall host itself 855683 120854 30932640 60422 27306220 60432 3626420 2
  328. let out anything from firewall host itself 29742 146373 86627099 83512 81704145 62861 4922954 54
  329. let out anything from firewall host itself 28323 0 0 0 0 0 0 0
  330. anti-lockout rule 21774206 0 0 0 0 0 0 0
  331. anti-lockout rule 21773011 0 0 0 0 0 0 0
  332. anti-lockout rule 21773011 0 0 0 0 0 0 0
  333. USER_RULE: TEST ROUTING 471122 0 0 0 0 0 0 0
  334. USER_RULE: TEMP 20919897 2256951 729516623 1166028 147261457 1090923 582255166 0
  335. USER_RULE: TEMP 153 0 0 0 0 0 0 0
  336. USER_RULE: Easy Rule: Passed from Firewall Log View 20863668 0 0 0 0 0 0 0
  337. USER_RULE 13 0 0 0 0 0 0 0
  338. USER_RULE 13 0 0 0 0 0 0 0
  339. USER_RULE: Easy Rule: Passed from Firewall Log View 13 0 0 0 0 0 0 0
  340. USER_RULE: CARP ALLOWED 20195630 0 0 0 0 0 0 0
  341. USER_RULE: PFSYNC ALLOWED 0 0 0 0 0 0 0 0
  342. USER_RULE: WEB INTERFACE 20193728 70 4880 34 1924 36 2956 0
  343. USER_RULE: WEB INTERFACE 3334 1784 1402871 623 75727 1161 1327144 0
  344. USER_RULE: SSH 3305 258 29797 113 9464 145 20333 0
  345. USER_RULE 16286897 4 280 2 140 2 140 0
  346. USER_RULE: oldlan2hqlans 16260519 0 0 0 0 0 0 0
  347. USER_RULE: LAST RULE-1 16260395 5292894 781678237 5292894 781678237 0 0 0
  348. USER_RULE: TEST ROUTING 7779 6390 3247252 2902 177416 3488 3069836 52
  349. USER_RULE: TEST ROUTING 0 0 0 0 0 0 0 0
  350. USER_RULE: TEMP 7692338 11718427 9691798768 4194184 278608151 7524243 9413190617 18
  351. USER_RULE 76 0 0 0 0 0 0 0
  352. USER_RULE 9 0 0 0 0 0 0 0
  353. USER_RULE 9 0 0 0 0 0 0 0
  354. USER_RULE 9 0 0 0 0 0 0 0
  355. USER_RULE: Ping Allowed 9 0 0 0 0 0 0 0
  356. USER_RULE: servers2all 67 0 0 0 0 0 0 0
  357. USER_RULE: LAST RULE-1 67 67 5048 67 5048 0 0 0
  358. USER_RULE: LAST RULE, FULL NET ACCESS 0 0 0 0 0 0 0 0
  359. pass traffic between statically routed subnets 790146 0 0 0 0 0 0 0
  360. pass traffic between statically routed subnets 219 816 27188 408 14070 408 13118 0
  361. pass traffic between statically routed subnets 126401 0 0 0 0 0 0 0
  362. pass traffic between statically routed subnets 188 0 0 0 0 0 0 0
  363.  
  364. TIMEOUTS:
  365. tcp.first 120s
  366. tcp.opening 30s
  367. tcp.established 86400s
  368. tcp.closing 900s
  369. tcp.finwait 45s
  370. tcp.closed 90s
  371. tcp.tsdiff 30s
  372. udp.first 60s
  373. udp.single 30s
  374. udp.multiple 60s
  375. icmp.first 20s
  376. icmp.error 10s
  377. other.first 60s
  378. other.single 30s
  379. other.multiple 60s
  380. frag 30s
  381. interval 10s
  382. adaptive.start 487200 states
  383. adaptive.end 974400 states
  384. src.track 0s
  385.  
  386. LIMITS:
  387. states hard limit 812000
  388. src-nodes hard limit 812000
  389. frags hard limit 5000
  390. table-entries hard limit 200000
  391.  
  392. TABLES:
  393. BACKUP_SERVERS
  394. HQ_LANS
  395. ITOP_PUBLIC_IP
  396. LANs_RFC1918
  397. SUBNET_SERVERS
  398. bogons
  399. bogonsv6
  400. snort2c
  401. sshlockout
  402. tonatsubnets
  403. virusprot
  404. webConfiguratorlockout
  405.  
  406. OS FINGERPRINTS:
  407. 710 fingerprints loaded