1# 2# 3# 4# 5match { logtag = 10000; } 6do { execute("/usr/bin/mail -s 'logtag 10000' root"); }; 7# 8match { logtag = 2000, every 10 seconds; } 9do { execute("echo 'XXXXXXXX tag 2000 packet XXXXXXXX'"); }; 10# 11match { protocol = udp, result = block; } 12do { file("file:///var/log/udp-block"); }; 13# 14match { protocol = tcp, result = block, dstport = 25; } 15do { syslog("local0.info"), syslog("local1."), syslog(".warn"); }; 16# 17match { srcip = 10.1.0.0/16, dstip = 192.168.1.0/24; } 18do { execute("/usr/bin/mail -s 'from 10.1 to 192.168.1' root"); }; 19 20# 21match { 22 rule = 12, logtag = 101, direction = in, result = block, 23 protocol = udp, srcip = 10.1.0.0/16, dstip = 192.168.1.0/24; } 24do { nothing; }; 25# 26