block in log level local3.info quick proto tcp from any to 195.195.195.1 flags SFUP/SFUP

block in log level local3.info quick proto tcp from any to 195.195.195.1 flags FPU/FPU

block in log level local3.info quick proto tcp from any to 195.195.195.1 flags F/F

block in log level local3.info quick proto tcp from any to 195.195.195.1 flags U/U

block in log level local3.info quick proto tcp from any to 195.195.195.1 flags P/P

# Разрешенные icmp types

pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echo

pass in quick on xl0 proto icmp from any to 195.195.195.1 icmp-type echorep

pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echorep

pass out quick on xl0 proto icmp from 195.195.195.1 to any icmp-type echo

block in log level local3.info quick on xl0 proto icmp from any to any

block out log level local3.info quick on xl0 proto icmp from any to any

# Реакция на закрытые порты

block in log level local3.info quick on xl0 proto tcp from any to 195.195.195.1 port = 136 >< 140

block in log level local3.info quick on xl0 proto udp from any to 195.195.195.1

# Разрешаем только правильные tcp-запросы к публичному сервису

pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags S/S

pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags A/A

pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags AP/AP

pass in quick on xl0 proto tcp from any to 195.195.195.1 port = 25 flags AF/AF

Пример 3. Конфигурация межсетевого экрана PF-FILTER (для ОС семейства *BSD)

# Нормализация трафика автоматически отфильтрует нестандартные пакеты атакующего, изменит TTL

scrub in on xl0 all fragment reassemble min-ttl 20 max-mss 1440

scrub on xl0 all reassemble tcp

# можно манипулировать IP-опциями, например, сбрасывать флаг DF в 0

scrub out on xl0 all no-df