xref: /illumos-gate/usr/src/cmd/ipf/examples/example.3 (revision 7c478bd9)
1*7c478bd9Sstevel@tonic-gate#
2*7c478bd9Sstevel@tonic-gate# block all inbound packets.
3*7c478bd9Sstevel@tonic-gate#
4*7c478bd9Sstevel@tonic-gateblock in from any to any
5*7c478bd9Sstevel@tonic-gate#
6*7c478bd9Sstevel@tonic-gate# pass through packets to and from localhost.
7*7c478bd9Sstevel@tonic-gate#
8*7c478bd9Sstevel@tonic-gatepass in from 127.0.0.1/32 to 127.0.0.1/32
9*7c478bd9Sstevel@tonic-gate#
10*7c478bd9Sstevel@tonic-gate# allow a variety of individual hosts to send any type of IP packet to any
11*7c478bd9Sstevel@tonic-gate# other host.
12*7c478bd9Sstevel@tonic-gate#
13*7c478bd9Sstevel@tonic-gatepass in from 10.1.3.1/32 to any
14*7c478bd9Sstevel@tonic-gatepass in from 10.1.3.2/32 to any
15*7c478bd9Sstevel@tonic-gatepass in from 10.1.3.3/32 to any
16*7c478bd9Sstevel@tonic-gatepass in from 10.1.3.4/32 to any
17*7c478bd9Sstevel@tonic-gatepass in from 10.1.3.5/32 to any
18*7c478bd9Sstevel@tonic-gatepass in from 10.1.0.13/32 to any
19*7c478bd9Sstevel@tonic-gatepass in from 10.1.1.1/32 to any
20*7c478bd9Sstevel@tonic-gatepass in from 10.1.2.1/32 to any
21*7c478bd9Sstevel@tonic-gate#
22*7c478bd9Sstevel@tonic-gate#
23*7c478bd9Sstevel@tonic-gate# block all outbound packets.
24*7c478bd9Sstevel@tonic-gate#
25*7c478bd9Sstevel@tonic-gateblock out from any to any
26*7c478bd9Sstevel@tonic-gate#
27*7c478bd9Sstevel@tonic-gate# allow any packets destined for localhost out.
28*7c478bd9Sstevel@tonic-gate#
29*7c478bd9Sstevel@tonic-gatepass out from any to 127.0.0.1/32
30*7c478bd9Sstevel@tonic-gate#
31*7c478bd9Sstevel@tonic-gate# allow any host to send any IP packet out to a limited number of hosts.
32*7c478bd9Sstevel@tonic-gate#
33*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.3.1/32
34*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.3.2/32
35*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.3.3/32
36*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.3.4/32
37*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.3.5/32
38*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.0.13/32
39*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.1.1/32
40*7c478bd9Sstevel@tonic-gatepass out from any to 10.1.2.1/32
41