#SOURCE ZONE    DESTINATION ZONE    POLICY    LOG      LIMIT:BURST
#                                             LEVEL

#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
$FW             wan                 ACCEPT

#Road warrior is trusted. It serves as an extension of the mgmt net.
vpnrwr          all                 ACCEPT

#Anything transiting the vpn link between ausprod-core-rtr01 and tsys-rtr has already passed firewall rules and IPS inspection.
#Otherwise I wouldn't allow this
vpnauslab       all                 ACCEPT

#Drop everything inbound from the big bad world that isn't explicitly allowed.
#Cause the net is where the NSA lives
wan             all                 DROP

#Reject (and log) everything that isn't explicitly allowed.
#Make explicit rules for everything yo. The NSA says you should. Duh.
# #state-sponsored-malware #stuxnet-was-an-inside-job
all             all                 REJECT    info