+# log dropped incoming connection
+log_level_in: info
+
+# disable log for outgoing connections
+log_level_out: nolog
+
+# disable SMURFS filter
+nosmurfs: 0
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# enable DHCP
+dhcp: 1
+
+# enable ips
+ips: 1
+
+# specify nfqueue queues (optionnal)
+#ips_queues: 0
+ips_queues: 0:3
+
+
+[RULES]
+
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|IN SSH(ACCEPT) net0 # disabled rule
+
+# add a security group
+GROUP group1 net0
+
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)