1@0 block drop all 2 [ Skip steps: i=5 d=2 r=end f=5 p=2 da=5 sp=end dp=5 ] 3 [ queue: qname= qid=0 pqname= pqid=0 ] 4 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 5@1 block drop quick from <bad:0> to any 6 [ Skip steps: i=5 r=end f=5 da=5 sp=end dp=5 ] 7 [ queue: qname= qid=0 pqname= pqid=0 ] 8 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 9@2 pass out proto tcp all flags S/SA 10 [ Skip steps: i=5 d=5 r=end f=5 sa=end da=5 sp=end dp=5 ] 11 [ queue: qname= qid=0 pqname= pqid=0 ] 12 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 13@3 pass out proto icmp all 14 [ Skip steps: i=5 d=5 r=end f=5 sa=end da=5 sp=end dp=5 ] 15 [ queue: qname= qid=0 pqname= pqid=0 ] 16 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 17@4 pass out proto udp all 18 [ Skip steps: r=end sa=end sp=end ] 19 [ queue: qname= qid=0 pqname= pqid=0 ] 20 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 21@5 pass in on lo1000001 inet proto tcp from any to 10.0.0.1 port = 22 flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 3/99, src.track 99) 22 [ Skip steps: i=8 d=end r=end f=end p=end sa=end sp=end dp=8 ] 23 [ queue: qname= qid=0 pqname= pqid=0 ] 24 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 25@6 pass in on lo1000001 inet proto tcp from any to 10.0.0.2 port = 22 flags S/SA keep state (source-track rule, max-src-conn 10) 26 [ Skip steps: i=8 d=end r=end f=end p=end sa=end sp=end dp=8 ] 27 [ queue: qname= qid=0 pqname= pqid=0 ] 28 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 29@7 pass in on lo1000001 inet proto tcp from any to 10.0.0.3 port = 22 flags S/SA keep state (source-track rule, max-src-conn-rate 3/99, src.track 99) 30 [ Skip steps: d=end r=end f=end p=end sa=end sp=end ] 31 [ queue: qname= qid=0 pqname= pqid=0 ] 32 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 33@8 pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = 80 flags S/SA modulate state (source-track rule, max-src-conn 100, max-src-conn-rate 10/5, overload <bad> flush, src.track 5) 34 [ Skip steps: i=end d=end r=end f=end p=end sa=end da=end sp=end ] 35 [ queue: qname= qid=0 pqname= pqid=0 ] 36 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 37@9 pass in on lo1000000 inet proto tcp from any to 10.0.0.1 port = 8080 flags S/SA synproxy state (source-track rule, max-src-conn 1000, max-src-conn-rate 1000/5, overload <bad> flush global, src.track 5) 38 [ Skip steps: i=end d=end r=end f=end p=end sa=end da=end sp=end dp=end ] 39 [ queue: qname= qid=0 pqname= pqid=0 ] 40 [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ] 41