#!/usr/local/bin/perl -w -I../blib/lib

#
# Copyright (C) 1998, David Muir Sharnoff
#

use strict;
use BSD::Ipfwgen;
use IO::Handle;

outside 'fxp0';
leaf qw(
	etha32
	etha34
	etha35
	etha36
	etha37
	etha38
	etha39
	etha40
	etha41
	etha42
);
from_us '140.174.37.22';
consolidate '209.66.121.128/25';
us qw(
	140.174.82.0/24 
	207.33.232.0/22 
	207.33.184.0/22 
	207.33.240.0/21 
	209.157.64.0/19 
	140.174.154.0/24 
	207.33.66.0/24 
	209.66.121.0/24
    );
not_us qw(
	209.66.121.0/29
);

# count_by_interface();
# count_by_tcp qw(80 119 21 53 25 871 513 23 6667);
# count_by_address qw();
drop_unwanted qw(
	192.168.0.0:255.255.0.0
	172.16.0.0:255.240.0.0
	10.0.0.0:255.0.0.0
    );

no_looping();
no_spoofing_us();
no_spoofing_by_us();
no_leaf_spoofing();

to_me_rules <<'';
	=skipto is-nfs udp from any to any 111,2049 # NFS RULES
	=skipto is-nfs tcp from any to any 111,2049
	=skipto nfs-okay all from any to any
	=skipto nfs-okay all from any to any frag # this should be not be used
	=label is-nfs
	=rulenum 20000
	pass udp from 209.66.121.17 111,2049 to 209.157.69.252 out xmit =IF0 # BUG IN FREEBSD
	=skipto nfs-okay all from 209.157.69.224/27 to any 
	=skipto nfs-okay all from 209.157.64.208/29 to any 
	=skipto nfs-okay all from 209.157.64.0/25 to any 
	=skipto nfs-okay all from any to any in via 'lo*'
	=skipto nfs-okay all from =ME to any 
	=skipto nfs-okay all from any to any frag # this should be not be used
	=deny all from any to any # NFS
	=label nfs-okay

generate qw(INSECURE DEFAULT-ACCEPT);