22 lines
334 B
Plaintext
22 lines
334 B
Plaintext
# TODO: Allow in ICMP(v6) by message type
|
|
# TODO: Rate-limit ssh
|
|
|
|
# ICMP(v6)
|
|
alg "icmp"
|
|
|
|
group "services" in on vioif0 {
|
|
pass stateful proto tcp to any port ssh
|
|
}
|
|
|
|
group "localhost" in on lo0 {
|
|
pass stateful all
|
|
}
|
|
|
|
group default {
|
|
# Default rule
|
|
block all
|
|
|
|
# Let it goooooo
|
|
pass stateful out all
|
|
}
|