# $NetBSD: pf.boot.conf,v 1.5 2019/02/17 20:45:47 gutteridge Exp $
#
# /etc/defaults/pf.boot.conf --
#	initial configuration for pf(4)
#
# see pf.boot.conf(5) for more information.
#
# DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE.
# EDIT /etc/pf.boot.conf INSTEAD.
#
# Reading this ruleset: no rule below uses "quick", so pf applies the LAST
# rule that matches a packet. "block all" therefore sets the default, and
# each later "pass" rule is a narrow exception to it. Rule order matters;
# do not reorder when copying these rules into /etc/pf.boot.conf.
# NOTE(review): presumably this policy is only in force until the main
# ruleset is loaded -- confirm against pf.boot.conf(5).
#

# Default deny: anything not matched by a later pass rule is dropped,
# in both directions and on every interface.
block all

# Don't block loopback. No direction is given, so this covers traffic
# both in and out on lo0.
pass on lo0

# Allow outgoing DNS, needed by pfctl to resolve names.
# Covers TCP and UDP, and no address family is given, so both IPv4 and IPv6
# are matched. The destination is "any": outbound port 53 is not limited to
# the configured resolvers. "keep state" lets the replies back in without a
# separate inbound rule.
pass out proto { tcp, udp } from any to any port 53 keep state

# Allow outgoing ping request, might be used by a DHCP client to validate
# old (but valid) leases in case it needs to fall back to such a lease
# (the DHCP server can be down or not responding).
# IPv4 only, echo request only; the echo reply is admitted through the
# state entry. Inbound echo requests remain blocked by the default deny.
pass out inet proto icmp all icmp-type echoreq keep state

# Allow IPv6 router/neighbor solicitation and advertisement.
# The direction is fixed per message type: solicitations are allowed out,
# advertisements are allowed in. Other ICMPv6 types are not listed here.
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv
pass out inet6 proto ipv6-icmp all icmp6-type routersol
pass in inet6 proto ipv6-icmp all icmp6-type routeradv

# Enable CARP, to avoid spurious failovers.
# No direction, interface or address is given, so CARP is passed in and out
# on every interface.
# NOTE(review): sites that run CARP on a dedicated segment may want the
# equivalent rule in their own ruleset limited to that interface.
pass proto carp