Annotation of src/share/ipf/example.14, Revision 1.1
1.1 ! dm 1: #
! 2: # For a network server, which has two interfaces, 128.1.40.1 (le0) and
! 3: # 128.1.2.1 (le1), we want to block all IP spoofing attacks. le1 is
! 4: # connected to the majority of the network, whilst le0 is connected to a
! 5: # leaf subnet. We're not concerned about filtering individual services.
! 6: #
! 7: pass in quick on le0 from 128.1.40.0/24 to any
! 8: block in quick log on le0 from any to any
! 9: block in quick log on le1 from 128.1.40.0/24 to any
! 10: pass in quick on le1 from any to any