remark -- ICMP for maintenance traffic only -------------------
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 remark -- SMTP for email --------------------------------------
 permit tcp any any eq smtp
 deny   tcp any any eq 113
 remark -- DNS -------------------------------------------------
 permit udp any any eq domain
 permit tcp any any eq domain
 remark -- WEB SERVER ------------------------------------------
 permit tcp any any eq www
 permit tcp any any eq 443
 remark -- NTP only for selected servers -----------------------
 permit udp host 193.67.79.202 any eq ntp
 permit udp host 194.109.20.18 any eq ntp
 permit udp host 194.109.22.18 any eq ntp
 permit udp any eq ntp any
 remark -- DROP and LOG everything else ------------------------
 deny   ip any any log
 remark -- DONE ------------------------------------------------