example.5 revision 22514
1# 2# test ruleset 3# 4# allow packets coming from foo to bar through. 5# 6pass from foo to bar 7# 8# allow any TCP packets from the same subnet as foo is on through to host 9# 10.1.1.2 if they are destined for port 6667. 10# 11pass proto tcp from fubar/24 to 10.1.1.2/32 port = 6667 12# 13# allow in UDP packets which are NOT from port 53 and are destined for 14# localhost 15# 16pass proto udp from fubar port != 53 to localhost 17# 18# block all ICMP unreachables. 19# 20block from any to any icmp unreach 21# 22# allow packets through which have a non-standard IP header length (ie there 23# are IP options such as source-routing present). 24# 25pass from any to any with ipopts 26