NetBSD/usr.sbin/ipf/rules/example.1

#
# block all incoming TCP packets on le0 from host "foo" to any destination.
#
block in on le0 proto tcp from foo/32 to any