{
	"defaults": {
		"flow_offloading": "1",
		"flow_offloading_hw": "1",
		"forward": "REJECT",
		"input": "REJECT",
		"output": "ACCEPT",
		"syn_flood": "1",
		"unknown_defaults_option": "foo"
	},
	"zone": [
		{
			"name": "lan",
			"input": "ACCEPT",
			"output": "ACCEPT",
			"forward": "ACCEPT",
			"network": [ "lan" ]
		},
		{
			"input": "REJECT",
			"output": "ACCEPT",
			"forward": "REJECT",
			"masq": "1",
			"mtu_fix": "1",
			"name": "wan",
			"network": [ "wan", "wan6" ]
		}
	],
	"forwarding": {
		"dest": "wan",
		"src": "lan"
	},
	"rule": [
		{
			"name": "Allow-DHCP-Renew",
			"family": "ipv4",
			"proto": "udp",
			"src": "wan",
			"dest_port": "68",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-Ping",
			"family": "ipv4",
			"proto": "icmp",
			"src": "wan",
			"icmp_type": "echo-request",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-IGMP",
			"family": "ipv4",
			"proto": "igmp",
			"src": "wan",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-DHCPv6",
			"family": "ipv6",
			"proto": "udp",
			"src": "wan",
			"src_ip": "fc00::/6",
			"dest_ip": "fc00::/6",
			"dest_port": "546",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-MLD",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"src_ip": "fe80::/10",
			"icmp_type": [ "130/0", "131/0", "132/0", "143/0" ],
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ICMPv6-Input",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"icmp_type": [
				"echo-request", "echo-reply", "destination-unreachable",
				"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type",
				"router-solicitation", "neighbour-solicitation", "router-advertisement",
				"neighbour-advertisement"
			],
			"limit": "1000/sec",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ICMPv6-Forward",
			"family": "ipv6",
			"proto": "icmp",
			"src": "wan",
			"dest": "*",
			"icmp_type": [
				"echo-request", "echo-reply", "destination-unreachable",
				"packet-too-big", "time-exceeded", "bad-header", "unknown-header-type"
			],
			"limit": "1000/sec",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-IPSec-ESP",
			"proto": "esp",
			"src": "wan",
			"dest": "lan",
			"target": "ACCEPT"
		},
		{
			"name": "Allow-ISAKMP",
			"proto": "udp",
			"src": "wan",
			"dest": "lan",
			"dest_port": "500",
			"target": "ACCEPT"
		},
		{
			"name": "Test-Deprecated-Rule-Option",
			"_name": "Test-Deprecated-Rule-Option",
			"proto": "tcp",
			"unknown_rule_option": "foo"
		}
	]
}