xref: /titanic_51/usr/src/cmd/ipf/examples/server (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
#
# For a network server, which has two interfaces, 128.1.40.1 (le0) and
# 128.1.2.1 (le1), we want to block all IP spoofing attacks.  le1 is
# connected to the majority of the network, whilst le0 is connected to a
# leaf subnet.  We're not concerned about filtering individual services
# or
#
pass in quick on le0 from 128.1.40.0/24 to any
block in log quick on le0 from any to any
block in log quick on le1 from 128.1.1.0/24 to any
pass in quick on le1 from any to any
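
A way to check what the rules above accept on each interface before loading them, as an added example that is not part of the original file or of IPFilter. It assumes only the rule subset used here (`pass|block in [log] [quick] on IFACE from SRC to any`); the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# The four rules from the file above, copied verbatim.
RULES = """\
pass in quick on le0 from 128.1.40.0/24 to any
block in log quick on le0 from any to any
block in log quick on le1 from 128.1.1.0/24 to any
pass in quick on le1 from any to any
"""

def parse_rule(line):
    """Parse: action in [log] [quick] on IFACE from SRC to any."""
    tok = line.split()
    if tok[0] not in ("pass", "block") or tok[1] != "in":
        raise ValueError("unsupported rule: " + line)
    opts = tok[2:tok.index("on")]
    src = tok[tok.index("from") + 1]
    return {"action": tok[0], "log": "log" in opts, "quick": "quick" in opts,
            "iface": tok[tok.index("on") + 1],
            "src": None if src == "any" else ipaddress.ip_network(src)}

def load_rules(text=RULES):
    return [parse_rule(l) for l in text.splitlines() if l.strip()]

def evaluate(rules, iface, src_ip):
    """Return (action, logged) for an inbound packet, or None if no rule
    matches. A matching 'quick' rule stops evaluation; otherwise the last
    matching rule decides."""
    addr = ipaddress.ip_address(src_ip)
    verdict = None
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["src"] is not None and addr not in r["src"]:
            continue
        verdict = (r["action"], r["log"])
        if r["quick"]:
            break
    return verdict

if __name__ == "__main__":
    # Constructed packets: (arrival interface, claimed source address).
    # le1 + 128.1.40.7 is outside 128.1.1.0/24, so the final pass rule matches.
    for iface, src in [("le0", "128.1.40.7"), ("le0", "128.1.2.9"),
                       ("le1", "128.1.1.5"), ("le1", "128.1.40.7")]:
        print(iface, src, evaluate(load_rules(), iface, src))
```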