# pf must have these rules in the regress anchor

set ruleset-optimization none

# nothing to pflog N3, will be overridden by later rule
pass log (to $PFLOG_N3) on $LO no state

# everything to pflog N2
match log (to $PFLOG_N2) on $LO no state

# specific test to pflog N1
pass log (to $PFLOG_N1) on $LO inet
pass log (to $PFLOG_N1) on $LO to 169.254.0.1 no state
pass log (to $PFLOG_N1) on $LO to 169.254.0.2 keep state
pass log (all to $PFLOG_N1) on $LO to 169.254.0.3 keep state
pass log (user to $PFLOG_N1) on $LO to 169.254.0.4
pass on $LO to 169.254.0.5
pass log (matches to $PFLOG_N1) on $LO to 169.254.0.6
pass on $LO to 169.254.0.6

# use unique local adresses, link local scope id is broken in pf
pass log (to $PFLOG_N1) on $LO inet6
pass log (to $PFLOG_N1) on $LO to fc00::1 no state
pass log (to $PFLOG_N1) on $LO to fc00::2 keep state
pass log (all to $PFLOG_N1) on $LO to fc00::3 keep state
pass log (user to $PFLOG_N1) on $LO to fc00::4
pass on $LO to fc00::5
pass log (matches to $PFLOG_N1) on $LO to fc00::6
pass on $LO to fc00::6

# we nat on lo-out, log the original packet, generic lo-in logs natted packet
pass out log (to $PFLOG_N1) on $LO to 169.254.0.11 rdr-to 169.254.0.21
pass out log (to $PFLOG_N1) on $LO to 169.254.0.12 nat-to 169.254.0.22
pass out log (to $PFLOG_N1) on $LO to fc00::11 rdr-to fc00::21
pass out log (to $PFLOG_N1) on $LO to fc00::12 nat-to fc00::22

# af-to is for in rule only, IPv4 loopback does not work, use link-local
pass in log (to $PFLOG_N1) on $LO to 169.254.0.14 af-to \
    inet6 from fc00::23 to fc00::24
pass in log (to $PFLOG_N1) on $LO to fc00::14 af-to \
    inet from 169.254.0.23 to 169.254.0.24