AdSchellevis closed this issue 5 years ago
List of autogenerated rules in core:
[x] "Pass all loopback IPv6" system_advanced_firewall.php#ipv6allow
[x] "Block all IPv6" system_advanced_firewall.php#ipv6allow
[x] "Default deny rule" [always on]
[x] "IPv6 requirements (ICMP)" [always on]
[x] "block all targetting port 0" [always on]
[x] "CARP defaults"
[x] "Lockout rules" [always on]
[x] "block all in alias
[x] "Block bogon IPv4 networks from ..."
[x] "Block bogon IPv6 networks from ..."
[x] "Block private networks from ..."
[x] "allow dhcpv6 client in ..."
[x] "allow PPTP client on ..."
[x] "allow DHCP client on ..."
[x] "allow access to DHCP server"
[x] "allow access to DHCP failover"
[x] "Allow 6in4 traffic out for 6rd on ..."
[x] "Allow 6in4 traffic in for 6to4 on .."
[ ] "allow access to DHCPv6 server on ...." --> not consistent (multiple possible pages)
[x] "pass loopback" [always on]
[x] "let out anything from firewall host itself" [always on]
[x] "IPsec internal host to host"
[ ] "'allow pptpd'" --> should be part of pptp server plugin
[x] "let out anything from firewall host itself" (pf_disable_force_gw)
[x] "Auto added VPN rules" (disablevpnrules)
If we create a hash for a rule, we should be able to track rules more easily. The descriptions can stay in the rule file, but won't be used for pf labels anymore.
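A sketch of the hash-as-label idea from the issue above, added here as an example and not taken from the OPNsense code base. The field names, the truncated SHA-256 label and the two sample rules are assumptions constructed for illustration; the samples reuse a description that appears twice in the list, which is where a description-based label stops identifying a single rule.

```python
import hashlib
import json

# Assumption: these fields define what a rule matches. "descr" is deliberately
# left out, so rewording a description never changes the label.
IDENTITY_FIELDS = ("type", "direction", "interface", "ipprotocol",
                   "protocol", "from", "to", "to_port")


def rule_label(rule):
    """Return a stable 32-hex-character label derived from the matching fields."""
    canonical = json.dumps([[f, str(rule.get(f, ""))] for f in IDENTITY_FIELDS],
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:32]


def build_registry(rules):
    """Map label -> descriptions, so a label seen in pf output resolves to text."""
    registry = {}
    for rule in rules:
        registry.setdefault(rule_label(rule), []).append(rule["descr"])
    return registry


def pf_line(rule):
    """Render a simplified pf rule whose label is the hash, not the description."""
    parts = [rule["type"], rule["direction"], "quick", "on",
             rule["interface"], rule["ipprotocol"]]
    if rule.get("protocol"):
        parts += ["proto", rule["protocol"]]
    parts += ["from", rule["from"], "to", rule["to"]]
    if rule.get("to_port"):
        parts += ["port", rule["to_port"]]
    parts += ["label", '"%s"' % rule_label(rule)]
    return " ".join(parts)


# Constructed sample: same description, different interface.
RULES = [
    {"type": "pass", "direction": "out", "interface": "em0", "ipprotocol": "inet",
     "from": "(self)", "to": "any",
     "descr": "let out anything from firewall host itself"},
    {"type": "pass", "direction": "out", "interface": "em1", "ipprotocol": "inet",
     "from": "(self)", "to": "any",
     "descr": "let out anything from firewall host itself"},
]
```

Two rules with identical matching fields hash to the same label, so the registry keeps a list of descriptions per label rather than a single string.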