yzguy/firewall.txt

## firewall.txt
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
	firewall {
	all-ping enable
	broadcast-ping disable
	ipv6-receive-redirects disable
	ipv6-src-route disable
	ip-src-route disable
	log-martians enable
	name WAN_IN {
	default-action drop
	description "WAN to internal"
	rule 10 {
	action accept
	description "Allow established/related"
	state {
	established enable
	related enable
	}
	}
	rule 20 {
	action drop
	description "Drop invalid state"
	state {
	invalid enable
	}
	}
	}
	name WAN_LOCAL {
	default-action drop
	description "WAN to router"
	rule 10 {
	action accept
	description "Allow established/related"
	state {
	established enable
	related enable
	}
	}
	rule 20 {
	action drop
	description "Drop invalid state"
	state {
	invalid enable
	}
	}
	}
	receive-redirects disable
	send-redirects enable
	source-validation disable
	syn-cookies enable
	}