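#	$NetBSD: example.10,v 1.1.1.1 2012/03/23 21:20:15 christos Exp $
#
# pass ack packets (ie established connection)
#
# "flags A/A" matches every TCP segment that has ACK set.  The test is
# stateless: it does not confirm that a connection was ever opened, so any
# segment with ACK set and matching addresses/port is passed whether or not
# it belongs to a real session.  Where connection tracking is wanted, a
# "keep state" rule on the opening SYN is the stateful alternative.
#
pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
#
# block incoming connection requests to my internal network from the big bad
# internet.
#
# "flags S/SA" matches SYN set with ACK clear, i.e. the first segment of a
# connection attempt.
#
block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA
#  to block the replies:
#
# "flags SA/SA" matches SYN+ACK.  The source needs the /16 mask so that it
# covers the same internal network as the rule above; a bare 10.1.0.0 is
# read as a single host address and would match no real reply.
# No rule here uses "quick", so the last matching rule decides: a SYN+ACK
# from 10.1.0.0/16 port 23 leaving on le0 matches the "pass out" rule too,
# and this later block is the one that applies.
#
block out on le0 proto tcp from 10.1.0.0/16 to any flags SA/SA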