You are a security analyst at Acme Corp. A new policy requires that:
• Only the web server (10.0.0.10) may accept inbound HTTP (port 80) and HTTPS (port 443) traffic from any source.
• The database server (10.0.0.20) must only accept connections from the web server (10.0.0.10) on port 3306.
• All other inbound traffic to internal hosts must be denied.

Configure the firewall ACL rules below to enforce this policy. Rules are evaluated top-down — the first match wins.