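#-------------------------------------------------------------------------
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.
#
# Matching model: rules are evaluated top to bottom and the LAST matching
# rule wins, unless a matching rule carries "quick", which ends evaluation
# at once.  Every inbound pass rule on the external interface below is
# therefore written with "quick" so that it cannot be overridden by the
# final "block in ... quick" rule.
#-------------------------------------------------------------------------

# Name of the external network interface.  Used for both directions so the
# interface only has to be changed in one place.
out_if = "vioif0";

# Loopback traffic is never filtered.
pass out quick on lo0 all
pass in quick on lo0 all

#pass out quick on $out_if all
#pass in quick on $out_if all
# pass out quick on $out_if all keep state

# Let TCP, UDP and ICMP out, creating state so that the replies are
# accepted on the way back in.  "keep frags" also tracks fragments of
# packets matched by the TCP rule.
pass out on $out_if proto tcp from any to any flags S keep state keep frags
pass out on $out_if proto udp from any to any keep state
#pass out on $out_if proto icmp from any to any keep state
# NOTE(review): "proto ipv6" matches IP protocol 41 (IPv6 encapsulated in
# IPv4), not native IPv6 packets -- confirm that this is what is intended.
pass out on $out_if proto ipv6 from any to any keep state
pass out on $out_if proto ipv6-icmp from any to any

# Allow out ping to public Internet
#pass in quick on $out_if proto icmp from any to any keep state
# NOTE(review): same caveat as above -- "proto ipv6" is protocol 41, not
# native IPv6.
pass in quick on $out_if proto ipv6 from any to any keep state
# No state is kept for inbound ICMPv6 (unchanged from the original rule).
pass in quick on $out_if proto ipv6-icmp from any to any

# DNS (tcp and udp port 53) reachable from any source.
# Fix: the previous two rules had neither "quick" nor an interface, so on
# $out_if they were matched but then overridden by the final
# "block in log first quick" rule and never actually passed anything.  They
# are now written like the other inbound rules.  Because this opens port 53
# to any source, confirm that a DNS service is meant to be reachable here.
pass in log quick on $out_if proto tcp from any to any port = 53 flags S keep state
pass in log quick on $out_if proto udp from any to any port = 53 keep state

# DHCP client (udp/68) and DHCPv6 client (udp/546) replies.
pass in quick on $out_if proto udp from any to any port = 68 keep state
pass in quick on $out_if proto udp from any to any port = 546 keep state

# Allow in standard www function because I have apache server
pass in quick on $out_if proto tcp from any to any port = 80 flags S keep state

# Port 88 (Kerberos) over tcp and udp.  "proto tcp/udp" already covers udp,
# so the separate udp-only rule for port 88 was redundant and was dropped.
pass in quick on $out_if proto tcp/udp from any to any port = 88 keep state

# NTP (udp/123).
pass in quick on $out_if proto udp from any to any port = 123 keep state

# HTTPS for the same apache server (the comment here previously duplicated
# the port 80 one).
pass in quick on $out_if proto tcp from any to any port = 443 flags S keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on $out_if proto tcp from any to any port = 22 flags S keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
# NOTE(review): there is no matching default "block out"; outbound traffic
# on $out_if that none of the pass rules above match falls through to the
# filter's default, which passes it.
block in log first quick on $out_if all
################### End of rules file #####################################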