example.11 revision 1.1.1.1.2.2
# $NetBSD: example.11,v 1.1.1.1.2.2 2012/04/17 00:03:23 yamt Exp $
#
# allow any TCP packets from the same subnet as foo is on through to host
# 10.1.1.2 if they are destined for port 6667.
#
pass in proto tcp from 10.2.2.2/24 to 10.1.1.2/32 port = 6667
#
# allow in UDP packets which are NOT from port 53 and are destined for
# localhost
#
pass in proto udp from 10.2.2.2 port != 53 to localhost
#
# block anything trying to get to X terminal ports, X:0 to X:9
#
block in proto tcp from any to any port 5999 >< 6010
#
# allow any connections to be made, except to BSD print/r-services
# this will also protect syslog.
#
block in proto tcp/udp all
pass in proto tcp/udp from any to any port 512 <> 515
#
# allow any connections to be made, except to BSD print/r-services
# this will also protect syslog.
#
pass in proto tcp/udp all
block in proto tcp/udp from any to any port 511 >< 516
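The last two rule pairs in this file are meant to be equivalent, which depends on both range operators excluding their bounds and on ipf's last-matching-rule-wins evaluation. The Python model below is an added illustration, not part of IPFilter or of this file; its function names are hypothetical, it considers only the destination port of an inbound TCP/UDP packet, and it returns `None` when no rule matches.

```python
# Added illustration: a small model of the ipf port operators and of
# last-match evaluation, applied to rules from example.11.
# Names are hypothetical; only the destination port is modelled.

def port_match(port, op, a, b=None):
    """Evaluate one ipf port comparison."""
    if op == "=":
        return port == a
    if op == "!=":
        return port != a
    if op == "><":                      # inside the range, bounds excluded
        return a < port < b
    if op == "<>":                      # outside the range, bounds do not match
        return port < a or port > b
    raise ValueError("unsupported operator: %r" % op)

def decide(rules, port):
    """Return the action of the LAST matching rule (no 'quick' keyword used)."""
    verdict = None                      # None: no rule in this list matched
    for action, op, a, b in rules:
        if op is None or port_match(port, op, a, b):   # op None models 'all'
            verdict = action
    return verdict

# block in proto tcp/udp all
# pass in proto tcp/udp from any to any port 512 <> 515
BLOCK_THEN_PASS = [("block", None, None, None), ("pass", "<>", 512, 515)]

# pass in proto tcp/udp all
# block in proto tcp/udp from any to any port 511 >< 516
PASS_THEN_BLOCK = [("pass", None, None, None), ("block", "><", 511, 516)]

# block in proto tcp from any to any port 5999 >< 6010
X_TERMINALS = [("block", "><", 5999, 6010)]

def blocked_ports(rules):
    """All destination ports for which the rule list ends in 'block'."""
    return [p for p in range(1, 65536) if decide(rules, p) == "block"]

if __name__ == "__main__":
    print("block-then-pass blocks:", blocked_ports(BLOCK_THEN_PASS))
    print("pass-then-block blocks:", blocked_ports(PASS_THEN_BLOCK))
    print("X terminal rule blocks:", blocked_ports(X_TERMINALS))
```

Writing the last rule as `512 >< 515` would block only 513 and 514, leaving 512 and 515 reachable, which is why that rule uses 511 and 516 as its bounds.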