--- /dev/null
+[OPTIONS]
+
+enable: 1
+
+[GROUP group1]
+
+IN ACCEPT 192.168.2.0/24 - tcp 22
+IN REJECT 192.168.2.0/24 - tcp 80
+OUT REJECT 192.168.2.0/24 - tcp 80
+OUT REJECT - - tcp 443
+
+[GROUP group2]
+
+IN ACCEPT 192.168.3.0/24 - tcp 22
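Review bot: The `[GROUP group2]` section at the end of this fixture defines `IN ACCEPT 192.168.3.0/24 - tcp 22`, but none of the expectations visible in this change use a source in 192.168.3.0/24, so nothing pins down whether that group takes effect for the host. The file that would reference the groups is not part of the visible diff, so the intended outcome cannot be read from here. A constructed case such as `{ to => 'host', source => '192.168.3.1', dport => 22, action => '<expected action>' }` would make it explicit and would catch a regression where an unreferenced group leaks an ACCEPT for SSH.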
--- /dev/null
+{ from => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
+{ from => 'host', source => '192.168.2.1', dport => 443, action => 'REJECT' }
+{ from => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
+{ from => 'host', source => '127.0.0.1', dport => 80, action => 'ACCEPT' }
+
+{ to => 'host', source => '127.0.0.1', dport => 22, action => 'DROP' }
+{ to => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
+{ to => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
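Review bot: The only port 443 case uses source 192.168.2.1, so it would still pass if `OUT REJECT - - tcp 443` were wrongly limited to 192.168.2.0/24 like the rules next to it. Assuming group1 is applied to the host, as the other cases imply, a constructed case with a source outside that range would verify the wildcard source, for example `{ from => 'host', source => '10.0.0.1', dport => 443, action => 'REJECT' }`. The inbound side has the same gap in the other direction: the only non-matching source tested for port 22 is 127.0.0.1, so an address just outside the /24 is worth adding to check the mask boundary. No visible case varies the protocol either, so a rule that ignored `tcp` would go unnoticed; whether the harness accepts a protocol key is not visible here.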