rules/tcpstate - net/ipfilter - Rivoreo Source Code Repositories

 #
 # Only allow TCP packets in/out of le0 if there is an outgoing connection setup
 # somewhere, waiting for it.
 #
 pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
 block out on le0 proto tcp all
 block in on le0 proto tcp all
 #
 # allow nameserver queries and replies to pass through, but no other UDP
 #
 pass out quick on le0 proto udp from any to any port = 53 keep state
 block out on le0 proto udp all
 block in on le0 proto udp all
	#
	# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
	# somewhere, waiting for it.
	#
	pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
	block out on le0 proto tcp all
	block in on le0 proto tcp all
	#
	# allow nameserver queries and replies to pass through, but no other UDP
	#
	pass out quick on le0 proto udp from any to any port = 53 keep state
	block out on le0 proto udp all
	block in on le0 proto udp all