# $NetBSD: pf.boot.conf,v 1.5 2019/02/17 20:45:47 gutteridge Exp $
#
# /etc/defaults/pf.boot.conf --
#	initial configuration for pf(4)
#
# see pf.boot.conf(5) for more information.
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/pf.boot.conf INSTEAD.
#
# Rule order matters: no rule below uses "quick", so pf(4) applies the last
# rule that matches a packet.  "block all" therefore has to stay first, and
# every later "pass" rule is a narrow exception to it.
#

# Default deny: anything not matched by a later pass rule is dropped,
# in both directions and on every interface.
block all

# Don't block loopback: pass all traffic, in and out, on lo0.
pass on lo0

# Allow outgoing DNS over TCP and UDP, needed by pfctl to resolve names.
# "keep state" lets the replies back in; no unsolicited inbound DNS is
# allowed.  The destination is "any", i.e. not limited to known resolvers.
pass out proto { tcp, udp } from any to any port 53 keep state

# Allow outgoing IPv4 ping requests, which might be used by a DHCP client to
# validate old (but valid) leases in case it needs to fall back to such a
# lease (the DHCP server can be down or not responding).
# Only locally originated echo requests match; inbound pings stay blocked.
pass out inet proto icmp all icmp-type echoreq keep state

# Allow IPv6 router/neighbor solicitation and advertisement.
# Only the host's own solicitations (out) and the answering advertisements
# (in) are passed; inbound solicitations from other nodes are not matched by
# these rules and fall through to "block all".
# NOTE(review): the inbound advertisement rules accept any source on any
# interface -- tighten them in /etc/pf.boot.conf if the boot-time network is
# not trusted.
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass in  inet6 proto ipv6-icmp all icmp6-type neighbradv
pass out inet6 proto ipv6-icmp all icmp6-type routersol
pass in  inet6 proto ipv6-icmp all icmp6-type routeradv

# Enable CARP, to avoid spurious failovers.
# No direction or interface is given, so CARP is passed both in and out
# everywhere.
pass proto carp