[OPTIONS] enable: 1 [GROUP group1] IN ACCEPT -source 192.168.2.0/24 -p tcp -dport 22 IN REJECT -source 192.168.2.0/24 -p tcp -dport 80 OUT REJECT -source 192.168.2.0/24 -p tcp -dport 80 OUT REJECT -p tcp -dport 443 [GROUP group2] IN ACCEPT -source 192.168.3.0/24 -p tcp -dport 22 [GROUP group3] IN ACCEPT -source 192.168.6.0/24 -p tcp -dport 22