# Autodetect interfaces?
scan-interfaces		yes

# What is our default policy?
default-policy		drop

# Do we allow related icmp?
#   It's sane to say yes here, it often happens that icmp packets
#   related to a (refused/failed) connection are being sent
#   over the network.
allow-related-icmp	yes

# Do we want to limit all logging statements?
#   If yes, then define this.  Syntax is as following:
#     <limit-rate>[:<burst-limit>]
#   The limit-rate is of the form: <number>[/<timeunit>]
limit-logging		5/s:20