#!/usr/local/bin/perl -w -I../blib/lib

#
# Copyright (C) 1998, David Muir Sharnoff
#

use strict;
use BSD::Ipfwgen;
use IO::Handle;

outside 'fxp0';
leaf 'etha32';
consolidate '209.66.121.128/25';
us qw(
	140.174.82.0/24 
	207.33.232.0/22 
	207.33.184.0/22 
	207.33.240.0/21 
	209.157.64.0/19 
	140.174.154.0/24 
	207.33.66.0/24 
	209.66.121.0/24
    );
not_us qw(
	209.66.121.0/29
);
symmetric qw(
	209.66.121.0/27
    );


count_by_interface();
count_by_tcp qw(80 119 21 53 25 871 513 23 6667);
count_by_address qw();
drop_unwanted qw(
	192.168.0.0:255.255.0.0
	172.16.0.0:255.240.0.0
	10.0.0.0:255.0.0.0
    );

no_looping();
no_spoofing_us();
no_spoofing_by_us();
no_leaf_spoofing();

to_me_rules <<'';
	=deny udp from not 140.174.82.0/26 to any 111,2049 # portmap, NFS
	=deny tcp from not 140.174.82.0/26 to any 111 # portmap

from_me_rules <<'';
	=deny udp from any 111,2049 to not 140.174.82.0/26 # portmap, NFS
	=deny tcp from any 111 to not 140.174.82.0/26 # portmap

generate qw(INSECURE DEFAULT-ACCEPT);
