#Generic VPN Firewall Rules - These are examples to allow the VPNs
# and remote management access to the router and are configured so that
# only PPP 1 (WAN) requires the firewall to be enabled using the PPP 1 link below

#Allow access to router management web but block internet browsing
pass in break end on ppp 1 from any to addr-ppp 1 port=http inspect-state
pass in break end from any to addr-eth 0 port=http inspect-state

#Allow FTP and telnet traffic to the router (optional)
# pass in break end proto ftp from any to any port=ftpcnt inspect-state
# pass in break end from any to addr-ppp 1 port=telnet inspect-state

#Allow the Eroutes (VPNs)
pass break end on ppp 1 from any to any port=ike
pass break end on ppp 1 from any to any port=4500
pass break end on ppp 1 proto 50

#The following rule is required for each individual Eroute defined
pass break end oneroute 0

#Allow ping out for the VRRP+ redundancy or GPRS active ping if used
pass out break end on ppp 1 proto icmp icmp-type echo inspect-state
pass out break end on ppp 1 from any to any port=dns inspect-state

#Log any other traffic hits on the router
block log break end