# $NetBSD: example.11,v 1.1.1.1 2012/03/23 21:20:15 christos Exp $
#
# allow any TCP packets from the same subnet as foo is on through to host
# 10.1.1.2 if they are destined for port 6667.
#
pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
#
# allow in UDP packets which are NOT from port 53 and are destined for
# localhost
#
pass in proto udp from 10.2.2.2 port != 53 to localhost
#
# block anything trying to get to X terminal ports, X:0 to X:9
#
block in proto tcp from any to any port 5999 >< 6010
#
# allow any connections to be made, except to BSD print/r-services
# this will also protect syslog.
#
block in proto tcp/udp all
pass in proto tcp/udp from any to any port 512 <> 515
#
# allow any connections to be made, except to BSD print/r-services
# this will also protect syslog.
#
pass in proto tcp/udp all
block in proto tcp/udp from any to any port 511 >< 516
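The last two rule pairs above are meant to be equivalent, which depends on both range operators excluding their bounds and on the last matching rule deciding. The following is an added illustration in Python, not part of the IPFilter or NetBSD sources; it models destination ports only, and the rule tuples, function names and the default verdict of "pass" are assumptions of the model.

```python
# Minimal model of ipf port comparisons and last-match evaluation.
# Added example; rule tuples and names are hypothetical, not ipf code.

PORT_OPS = {
    "=":  lambda p, a, b: p == a,
    "!=": lambda p, a, b: p != a,
    "><": lambda p, a, b: a < p < b,       # inside range, bounds excluded
    "<>": lambda p, a, b: p < a or p > b,  # outside range, bounds excluded
}

def matches(rule, port):
    """rule = (action, op, lo, hi); op None stands for 'all'."""
    _, op, lo, hi = rule
    return op is None or PORT_OPS[op](port, lo, hi)

def decide(rules, port, default="pass"):
    """Without 'quick', every rule is tested and the last match wins.
    The default verdict is an assumption of this model."""
    verdict = default
    for rule in rules:
        if matches(rule, port):
            verdict = rule[0]
    return verdict

def blocked_ports(rules, ports=range(1, 65536)):
    """Return the destination ports the rule list ends up blocking."""
    return [p for p in ports if decide(rules, p) == "block"]

# The rule pairs from the file, reduced to their port tests.
BLOCK_THEN_PASS = [("block", None, 0, 0), ("pass", "<>", 512, 515)]
PASS_THEN_BLOCK = [("pass", None, 0, 0), ("block", "><", 511, 516)]
X_TERMINALS = [("block", "><", 5999, 6010)]

# Constructed mistake: reusing the inclusive-looking bounds 512/515 with
# the exclusive '><' operator leaves exec (512) and printer (515) open.
OFF_BY_ONE = [("pass", None, 0, 0), ("block", "><", 512, 515)]

if __name__ == "__main__":
    for name in ("BLOCK_THEN_PASS", "PASS_THEN_BLOCK",
                 "X_TERMINALS", "OFF_BY_ONE"):
        print(name, blocked_ports(globals()[name]))
```
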