#
# test ruleset
#
# allow packets coming from foo to bar through.
#
pass in from 10.1.1.2 to 10.2.1.1
#
# allow any TCP packets from the same subnet as foo is on through to host
# 10.1.1.2 if they are destined for port 6667.
#
pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
#
# allow in UDP packets which are NOT from port 53 and are destined for
# localhost
#
pass in proto udp from 10.2.2.2 port != 53 to localhost
#
# block all ICMP unreachables.
#
block in proto icmp from any to any icmp-type unreach
#
# allow packets through which have a non-standard IP header length (i.e. there
# are IP options such as source-routing present).
#
pass in from any to any with ipopts
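#
# Added example, not part of the original ruleset file: a small Python model of
# how the five rules above combine under IPFilter's last-match evaluation (none
# of them uses "quick"). The packet dictionaries and function names are
# hypothetical, and "localhost" is assumed to resolve to 127.0.0.1.
#

```python
import ipaddress

def net(spec):
    # strict=False masks off host bits, so 10.2.2.2/24 covers 10.2.2.0/24.
    return ipaddress.ip_network(spec, strict=False)

ANY = net("0.0.0.0/0")
ICMP_UNREACH = 3  # ICMP type 3, destination unreachable

# The five rules in file order. Omitted keys mean "not tested".
# Assumption: "localhost" resolves to 127.0.0.1.
RULES = [
    dict(action="pass", src=net("10.1.1.2"), dst=net("10.2.1.1")),
    dict(action="pass", proto="tcp", src=net("10.2.2.2/24"),
         dst=net("10.1.1.2/32"), dport=lambda p: p == 6667),
    dict(action="pass", proto="udp", src=net("10.2.2.2"),
         sport=lambda p: p != 53, dst=net("127.0.0.1")),
    dict(action="block", proto="icmp", src=ANY, dst=ANY,
         icmp_type=ICMP_UNREACH),
    dict(action="pass", src=ANY, dst=ANY, ipopts=True),
]

def rule_matches(rule, pkt):
    """True when every condition the rule states holds for the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    for key in ("sport", "dport"):
        if key in rule and not rule[key](pkt[key]):
            return False
    if "icmp_type" in rule and rule["icmp_type"] != pkt.get("icmp_type"):
        return False
    if rule.get("ipopts") and not pkt.get("ipopts", False):
        return False
    return True

def verdict(pkt):
    """Return (action, rule_number) of the last matching rule, or None."""
    result = None
    for number, rule in enumerate(RULES, start=1):
        if rule_matches(rule, pkt):
            result = (rule["action"], number)  # no "quick": keep scanning
    return result
```

# An ICMP unreachable that carries IP options matches both rule 4 and rule 5,
# so the later "with ipopts" pass overrides the block; reviewing rule order
# catches this kind of unintended override.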