AdSchellevis
commented
5 years ago list of autogenerated rules in core:
-
[x] "Pass all loopback IPv6" system_advanced_firewall.php#ipv6allow
-
[x] "Block all IPv6" system_advanced_firewall.php#ipv6allow
-
[x] "Default deny rule" [always on]
-
[x] "IPv6 requirements (ICMP)" [always on]
-
[x] "block all targetting port 0" [always on]
-
[x] "CARP defaults"
-
[x] "Lockout rules" [always on]
-
[x] "block all in alias
" [always on] -
[x] "Block bogon IPv4 networks from ..."
-
[x] "Block bogon IPv6 networks from ..."
-
[x] "Block private networks from ..."
-
[x] "allow dhcpv6 client in ..."
-
[x] "allow PPTP client on ..."
-
[x] "allow DHCP client on ..."
-
[x] "allow access to DHCP server"
-
[x] "allow access to DHCP failover"
-
[x] "Allow 6in4 traffic out for 6rd on ..."
-
[x] "Allow 6in4 traffic in for 6to4 on .."
-
[ ] "allow access to DHCPv6 server on ...." --> not consistent (multiple possible pages)
-
[x] "pass loopback" [always on]
-
[x] "let out anything from firewall host itself" [always on]
-
[x] "IPsec internal host to host"
-
[ ] "'allow pptpd'" --> should be part of pptp server plugin
-
[x] "let out anything from firewall host itself" (pf_disable_force_gw)
-
[x] "Auto added VPN rules" (disablevpnrules)
If we create a hash for a rule, we should be able to track rules more easily. The descriptions can stay in the rule file, but won't be used for pf labels anymore.