1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
:input;type filter hook input priority 0
:ingress;type filter hook ingress device lo priority 0
:egress;type filter hook egress device lo priority 0
*inet;test-inet;input
*bridge;test-inet;input
*netdev;test-netdev;ingress,egress
!set1 type ipv4_addr timeout 60s;ok
?set1 192.168.3.4 timeout 30s, 10.2.1.1;ok
!set2 type ipv6_addr timeout 23d23h59m59s;ok
?set2 dead::beef timeout 5s;ok
ip saddr @set1 drop;ok
ip saddr != @set2 drop;fail
ip6 daddr != @set2 accept;ok
ip6 daddr @set1 drop;fail
!set3 type ipv4_addr . ipv4_addr . inet_service flags interval;ok
?set3 10.0.0.0/8 . 192.168.1.3-192.168.1.9 . 1024-65535;ok
ip saddr . ip daddr . tcp dport @set3 accept;ok
ip daddr . tcp dport { 10.0.0.0/8 . 10-23, 192.168.1.1-192.168.3.8 . 80-443 } accept;ok
|
