1# 2# For a network server, which has two interfaces, 128.1.40.1 (le0) and 3# 128.1.2.1 (le1), we want to block all IP spoofing attacks. le1 is 4# connected to the majority of the network, whilst le0 is connected to a 5# leaf subnet. We're not concerned about filtering individual services 6# or 7# 8pass in quick on le0 from 128.1.40.0/24 to any 9block in log quick on le0 from any to any 10block in log quick on le1 from 128.1.1.0/24 to any 11pass in quick on le1 from any to any 12