Firewall/example

/* Rule set InternetToLocal; the page binds it as the "in" firewall of pppoe 0.
   Packets that match no rule below are dropped (default-action drop). */
default-action drop
description "Filters traffic from the Internet to LAN"
/* Accept packets that belong to, or are related to, an already tracked connection. */
rule 1 {
    action accept
    state {
        established enable
        related enable
    }
}
/* Accepts every ICMP type from any source.
   NOTE(review): consider limiting this to the types the site actually needs. */
rule 10 {
    action accept
    protocol icmp
}
/* Rules 20-60 match on destination port only. None sets a destination address,
   so each service is accepted toward any host this rule set covers.
   NOTE(review): where a single server provides the service, pin the rule to
   that server's address. Any NAT in front of the LAN is not shown here. */
rule 20 {
    action accept
    description "Allow HTTP access from the Internet"
    destination {
        port http
    }
    protocol tcp
}
rule 25 {
    action accept
    description "Allow HTTPS access from the Internet"
    destination {
        port https
    }
    protocol tcp
}
/* Only the FTP control port is opened. Data connections presumably rely on
   rule 1's "related" match and a connection-tracking helper - confirm.
   NOTE(review): plain FTP sends credentials unencrypted. */
rule 30 {
    action accept
    description "Allow FTP access from the Internet"
    destination {
        port 21
    }
    protocol tcp
}
/* DNS is reachable from any source over TCP (rule 40) and UDP (rule 45).
   NOTE(review): verify the server behind it does not answer recursive
   queries for outside clients. */
rule 40 {
    action accept
    description "Allow DNS queries from the Internet over TCP"
    destination {
        port domain
    }
    protocol tcp
}
rule 45 {
    action accept
    description "Allow DNS queries from the Internet over UDP"
    destination {
        port domain
    }
    protocol udp
}
/* SSH is accepted from any source address.
   NOTE(review): consider a source restriction like the one rule 40 of
   InternetToRouter uses, and key-based authentication on the target hosts. */
rule 50 {
    action accept
    description "Allow SSH access from the Internet"
    destination {
        port ssh
    }
    protocol tcp
}
rule 60 {
    action accept
    description "Allow SMTP access from the Internet"
    destination {
        port smtp
    }
    protocol tcp
}
 * 1) show firewall name InternetToLocal

/* Rule set InternetToRouter; the page binds it as the "local" firewall of
   pppoe 0. Packets that match no rule below are dropped (default-action drop). */
default-action drop
description "Filters traffic from the Internet to router itself"
/* Accept packets that belong to, or are related to, an already tracked connection. */
rule 1 {
    action accept
    state {
        established enable
        related enable
    }
}
/* Accepts every ICMP type from any source.
   NOTE(review): consider limiting this to the types the site actually needs. */
rule 10 {
    action accept
    protocol icmp
}
/* Opens the PPTP control port (tcp/1723) to any source. No rule names GRE,
   which carries the PPTP tunnel data; presumably it is accepted as "related"
   by rule 1 through a connection-tracking helper - confirm.
   NOTE(review): PPTP's MS-CHAPv2 authentication is widely considered broken;
   prefer moving these users to the OpenVPN service and removing this rule. */
rule 20 {
    action accept
    description "Allow PPTP access from the Internet"
    destination {
        port 1723
    }
    protocol tcp
}
/* This rule has no description. 1194 is the registered OpenVPN port, so this
   is presumably OpenVPN over TCP - confirm and add a description to match the
   other rules. */
rule 30 {
    action accept
    destination {
        port 1194
    }
    protocol tcp
}
/* The only rule here limited to one source address (masked on the page).
   Restricting a site-to-site tunnel to its known peer keeps the listener
   unreachable for everyone else. */
rule 40 {
    action accept
    description "Some site-to-site OpenVPN access"
    destination {
        port 9754
    }
    protocol tcp
    source {
        address xx.xx.xxx.xx
    }
}
 * 1) show firewall name InternetToRouter

/* Rule set LocalToInternet; the page binds it as the "out" firewall of pppoe 0.
   default-action accept: outbound traffic is allowed unless a rule drops it. */
default-action accept
description "Filters traffic from local networks to the Internet"
/* Drops TCP to the smtp port from every source except 10.91.19.5; the leading
   "!" negates the address match. This keeps hosts other than the mail relay
   from sending mail directly.
   NOTE(review): only the smtp port is covered, so other mail submission ports
   and all other egress stay open. Decide whether a tighter egress policy is
   wanted. */
rule 1 {
    action drop
    description "Deny SMTP from everything except of mail relay, to prevent spam"
    destination {
        port smtp
    }
    protocol tcp
    source {
        address !10.91.19.5
    }
}
 * 1) show firewall name LocalToInternet

/* Ethernet interface eth1, which carries the PPPoE session pppoe 0. The
   hardware address is masked on the page. */
description "WAN interface"
hw-id 00:xx:xx:xx:xx:xx
pppoe 0 {
    default-route auto
    /* Binds the three rule sets to the PPPoE interface:
       in    - forwarded packets arriving on this interface
       local - packets addressed to the router itself
       out   - forwarded packets leaving through this interface */
    firewall {
        in {
            name InternetToLocal
        }
        local {
            name InternetToRouter
        }
        out {
            name LocalToInternet
        }
    }
    /* PPPoE credentials are masked on the page. Keep them masked whenever
       this configuration is shared or posted. */
    password XXXXXXXXXX
    user-id XXXXXXXXX
}
 * 1) show interfaces ethernet eth1