# Copyright (C) 1998, Synack Systems Corporation.  Created 1998. All
#  rights reserved.
#
# License to copy and use this software is granted provided that it
# is identified as the "Synack Systems Corp., BeProtected IP Packet
# Filter" in all material mentioning or referencing this software.
#
# License is also granted to make and use derivative works provided
# that such works are identified as "derived from the Synack Systems
# Corp., BeProtected IP packet filter" in all material
# mentioning or referencing the derived work.
#
# Synack Systems Corp.  makes no representations concerning either
# the merchantability of this software or the suitability of this
# software for any particular purpose. It is provided "as is"
# without express or implied warranty of any kind.
#
# These notices must be retained in any copies of any part of this
# documentation and/or software.

# This is the default filter set

# There are several default filters that are run no matter what -- look at the
# source -- they will be configurable soon.

# Filters are applied sequentially as they appear in this file

# These filters affect only the PPP interface
interface ppp

#deny any packets with ip options
deny any ip_options

#deny any traffic from 10.x.x.x. since that is our internal addresses and
#should be allowed from ther ethernet only
deny any from 10.0.0.0-10.255.255.255

#don't allow people to iniaite TCP connections with us, just us to them.
deny tcp from any port any flags S


# Anyone on the local ethernet can hack machine however they want and any PPP
# packets not explictly denied above will be allowed now.

interface ppp ethernet
allow any
