pass in quick on lo0 all
pass out quick on lo0 all
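# Block invalid traffic and invalid source addresses arriving from the external network
# Packets carrying IP options
block in quick on tun0 all with ipopts
# Packets too short to hold a complete header
block in quick on tun0 all with short
# Fragmented packets
block in quick on tun0 all with frag
# TCP packets with the FIN, URG and PSH flags set
block in quick on tun0 proto tcp all flags FUP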
block in quick on tun0 from 255.255.255.255/32 to any
block in quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from
block in quick on tun0 from 172.16.0.0/12 to any
block in quick on tun0 from 127.0.0.0/8 to any
block in quick on tun0 from
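# 192.0.2.0/24 is TEST-NET-1 (RFC 5737), reserved for documentation; a /14 mask would also block routable addresses
block in quick on tun0 from 192.0.2.0/24 to any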
block in quick on tun0 from 204.152.64.0/23 to any
block in quick on tun0 from 224.0.0.0/3 to any
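# Handling of external-network traffic: allow packets from the internal network out to the external network, and allow the external network's replies to those packets back in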