ruleset R_DROP_INVALID description Drop invalid connections state invalid target drop ! ruleset R_ACCEPT_RELATED_ESTABLISHED description Accept related and established connections state related,established target accept ! ruleset R_ACCEPT_MY_COMPANY-SSH description Accept SSH from My Company tcp source 10.20.30.0 24 destination-port ssh target accept ! ruleset R_ACCEPT_MY_COMPANY-FTP description Accept FTP from My Company's technical gateway tcp source 10.20.30.40 32 destination-port ftp target accept udp source 10.20.30.40 32 destination-port ftp-data target accept ! ruleset R_MY_COMPANY-IN description Connections from My Company expand R_ACCEPT_MY_COMPANY-SSH expand R_ACCEPT_MY_COMPANY-FTP ! ruleset R_MY_FIREWALL-IN description Incomming firewall prepend expand filter input interface-in eth0 input-politic drop expand R_DROP_INVALID expand R_ACCEPT_RELATED_ESTABLISHED expand R_MY_COMPANY ! expand R_MY_FIREWALL-IN