copy this file to your security directory, remove the blank lines, this line, and titles. Remove any sections you do not need. General antihacking rules deny 127.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both inbound deny xxx.x.xxx.0 255.255.255.255 0.0.0.0 0.0.0.0 all any 0 any 0 both both both deny 0.0.0.0 0.0.0.0 xxx.x.xxx.0 255.255.255.255 all any 0 any 0 both both both deny xxx.x.xxx.255 255.255.255.255 0.0.0.0 0.0.0.0 all any 0 any 0 both both both deny 0.0.0.0 0.0.0.0 xxx.x.xxx.255 255.255.255.255 all any 0 any 0 both both both deny 0.0.0.0 0.0.0.0 224.0.0.0 224.0.0.0 all any 0 any 0 non-secure both both deny 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both deny 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both deny 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 icmp any 0 any 0 both both inbound l=no f=yes t=0 DNS permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 udp any 0 any 0 both both both l=no f=yes t=0 Mail Server permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 110 secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 110 secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 110 gt 1023 non-secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 110 gt 1023 non-secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 25 non-secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 25 secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 25 secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 25 non-secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 25 gt 1023 secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 25 gt 1023 non-secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 25 gt 1023 non-secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 25 gt 1023 secure both Outbound FTP Server permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 21 non-secure route inbound l=no f=no t=0 permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 21 secure route outbound l=no f=no t=0 permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 21 gt 1023 secure route inbound l=no f=no t=0 permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 21 gt 1023 non-secure route outbound l=no f=no t=0 permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 gt 1023 non-secure route inbound l=no f=no t=0 permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 gt 1023 secure route outbound l=no f=no t=0 permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack gt 1023 gt 1023 secure route inbound l=no f=no t=0 permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack gt 1023 gt 1023 non-secure route outbound l=no f=no t=0 HTTPD permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp gt 1023 eq 80 non-secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp gt 1023 eq 80 secure both Outbound permit 0.0.0.0 0.0.0.0 xxx.x.xxx.xxx 255.255.255.255 tcp/ack eq 80 gt 1023 secure both Inbound permit xxx.x.xxx.xxx 255.255.255.255 0.0.0.0 0.0.0.0 tcp/ack eq 80 gt 1023 non-secure both Outbound The important catchall at the end. deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both both both l=no f=yes t=0