1# $NetBSD$ 2# 3# pass ack packets (ie established connection) 4# 5pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A 6pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A 7# 8# block incoming connection requests to my internal network from the big bad 9# internet. 10# 11block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA 12# to block the replies: 13block out on le0 proto tcp from 10.1.0.0 to any flags SA/SA 14