1pass in from localhost to localhost with short,frags 2block in from any to any with ipopts 3pass in from any to any with opt nop,rr,zsu 4pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr 5pass in from localhost to localhost and not frag 6pass in from localhost to localhost with frags,frag-body 7pass in proto tcp all flags S with not oow keep state 8block in proto tcp all with oow 9pass in proto tcp all flags S with not bad,bad-src,bad-nat 10block in proto tcp all flags S with bad,not bad-src,not bad-nat 11pass in quick all with not short 12block in quick all with not nat 13pass in quick all with not frag-body 14block in quick all with not lowttl 15pass in all with mbcast,not bcast,multicast,not state,not ipopts 16block in all with not mbcast,bcast,not multicast,state 17pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec 18