# disable/enable MAC address filter
macfilter: 0
+# limit layer2 specific protocols
+layer2_protocols: ARP,802_1Q,IPX,NetBEUI,PPP
+
# default policy
policy_in: DROP
policy_out: REJECT
IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for ipset mynetgroup
IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias
+IN SSH(ACCEPT) -i net0 -source FE80:0000:0000:0000:0202:B3FF:FE1E:8329
+IN ACCEPT -i net0 -p icmpv6
|IN SSH(ACCEPT) -i net0 # disabled rule