Excellent reference. It even mentions the exotic SNORT rules. For some reason, these are never discussed in this forum, even though they are more relevant to firewalls than "leak tests". Maybe because "leak tests" are easier to understand? Maybe because modern "leak test" firewalls don't do SNORT?