Diffstat (limited to 'contrib/ipfilter/rules/example.10')
-rw-r--r-- | contrib/ipfilter/rules/example.10 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/contrib/ipfilter/rules/example.10 b/contrib/ipfilter/rules/example.10
new file mode 100644
index 000000000000..477c2e071a0e
--- /dev/null
+++ b/contrib/ipfilter/rules/example.10
@@ -0,0 +1,12 @@
+#
+# pass ack packets (ie established connection)
+#
+pass in proto tcp 10.1.0.0/16 port = 23 10.2.0.0/16 flags A/A
+pass out proto tcp 10.1.0.0/16 port = 23 10.2.0.0/16 flags A/A
+#
+# block incoming connection requests to my internal network from the big bad
+# internet.
+#
+block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA
+# to block the replies:
+block out on le0 proto tcp from 10.1.0.0 to any flags SA/SA |
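Review bot: The last rule, `block out on le0 proto tcp from 10.1.0.0 to any flags SA/SA`, gives the source address without a mask, so it most likely matches only the single address 10.1.0.0 and leaves SYN/ACK replies from the rest of the internal network unblocked; it should read `block out on le0 proto tcp from 10.1.0.0/16 to any flags SA/SA` to agree with the inbound rule above it. The two `pass` rules also need a caveat, because `flags A/A` matches any segment with the ACK bit set rather than only segments of an established connection, so the header comment overstates what they guarantee. A comment such as `# stateless match on the ACK bit only; use "keep state" where real connection tracking is needed` would make that clear. Those two rules also omit the `from`/`to` keywords that the block rules use, which may not parse on every ipf version and is worth confirming.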