ruleset R_DROP_INVALID
 description Drop invalid connections
 state invalid target drop
 !
ruleset R_ACCEPT_RELATED_ESTABLISHED
 description Accept related and established connections
 state related,established target accept
 !
ruleset R_ACCEPT_MY_COMPANY-SSH
 description Accept SSH from My Company
 tcp source 10.20.30.0 24 destination-port ssh target accept
 !
ruleset R_ACCEPT_MY_COMPANY-FTP
 description Accept FTP from My Company's technical gateway
 tcp source 10.20.30.40 32 destination-port ftp target accept
 udp source 10.20.30.40 32 destination-port ftp-data target accept
 !
ruleset R_MY_COMPANY-IN
 description Connections from My Company
 expand R_ACCEPT_MY_COMPANY-SSH
 expand R_ACCEPT_MY_COMPANY-FTP
 !
ruleset R_MY_FIREWALL-IN
 description Incomming firewall
 prepend expand filter input interface-in eth0
 input-politic drop
 expand R_DROP_INVALID
 expand R_ACCEPT_RELATED_ESTABLISHED
 expand R_MY_COMPANY
 !
expand R_MY_FIREWALL-IN