Copy this file to your security directory, remove the blank lines, this line, and titles. Remove any sections you do not need.

xxx.xxx.xxx = your secure interface

General antihacking rules

deny 127.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both inbound
deny xxx.x.xxx.0 255.255.255.255 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
deny 0.0.0.0 0.0.0.0 xxx.x.xxx.0 255.255.255.255 all any 0 any 0 both both both
deny xxx.x.xxx.255 255.255.255.255 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
deny 0.0.0.0 0.0.0.0 xxx.x.xxx.255 255.255.255.255 all any 0 any 0 both both both
deny 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
deny 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
deny 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both
deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp any 0 any 0 both both inbound l=no f=yes t=0

DNS

permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 any 0 both both both l=no f=yes t=0

Mail Server

permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 110 secure both Inbound
permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 110 secure both Outbound
permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 25 secure both Outbound
permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 25 secure both Inbound
permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 25 gt 1023 secure both Inbound
permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 25 gt 1023 secure both Outbound

FTP Server

permit 0 0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 21 secure route outbound l=no f=no t=0
permit xxx.x.xxx.xxx 255.255.255.255 0 0 tcp/ack eq 21 gt 1023 secure route inbound l=no f=no t=0
permit 0 0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 gt 1023 secure route outbound l=no f=no t=0
permit xxx.x.xxx.xxx 255.255.255.255 0 0 tcp/ack gt 1023 gt 1023 secure route inbound l=no f=no t=0

HTTPD

permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 80 secure both Outbound
permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 80 gt 1023 secure both Inbound

The important catchall at the end.

deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both l=no f=yes t=0