1*bc4097aaSchristos# $NetBSD: example.9,v 1.1.1.1 2012/03/23 21:20:15 christos Exp $ 2*bc4097aaSchristos# 3*bc4097aaSchristos# drop all packets without IP security options 4*bc4097aaSchristos# 5*bc4097aaSchristosblock in all 6*bc4097aaSchristospass in all with opt sec 7*bc4097aaSchristos# 8*bc4097aaSchristos# only allow packets in and out on le1 which are top secret 9*bc4097aaSchristos# 10*bc4097aaSchristosblock out on le1 all 11*bc4097aaSchristospass out on le1 all with opt sec-class topsecret 12*bc4097aaSchristosblock in on le1 all 13*bc4097aaSchristospass in on le1 all with opt sec-class topsecret 14