static/netbsd/man9/example.9


1
2
3
4
5
6
7
8
9
10
11
12
13

#	$NetBSD: example.9,v 1.1.1.1 2012/03/23 21:20:15 christos Exp $
#
# drop all packets without IP security options
#
block in all
pass in all with opt sec
#
# only allow packets in and out on le1 which are top secret
#
block out on le1 all
pass out on le1 all with opt sec-class topsecret
block in on le1 all
pass in on le1 all with opt sec-class topsecret