1block drop out log on tun1000000 all 2block drop in log on tun1000000 all 3block return-rst out log on tun1000000 proto tcp all 4block return-rst in log on tun1000000 proto tcp all 5block return-icmp(port-unr, port-unr) out log on tun1000000 proto udp all 6block return-icmp(port-unr, port-unr) in log on tun1000000 proto udp all 7block drop out log quick on tun1000000 inet from ! 157.161.48.183 to any 8block drop in quick on tun1000000 inet from any to 255.255.255.255 9block drop in log quick on tun1000000 inet from 10.0.0.0/8 to any 10block drop in log quick on tun1000000 inet from 172.16.0.0/12 to any 11block drop in log quick on tun1000000 inet from 192.168.0.0/16 to any 12block drop in log quick on tun1000000 inet from 255.255.255.255 to any 13pass out on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state 14pass in on tun1000000 inet proto icmp all icmp-type echoreq code 0 keep state 15pass out on tun1000000 proto udp all keep state 16pass in on tun1000000 proto udp from any to any port = domain keep state 17pass out on tun1000000 proto tcp all flags S/SA modulate state 18pass in on tun1000000 proto tcp all flags S/SA modulate state 19pass in on tun1000000 proto udp all keep state 20pass in on tun1000000 proto icmp all keep state 21pass in on tun1000000 proto udp all keep state 22pass in on tun1000000 proto tcp all flags S/SA synproxy state 23pass in on tun1000000 proto icmp all keep state 24pass in on tun1000000 proto tcp from any to any port = ssh flags S/SA modulate state 25pass in on tun1000000 proto tcp from any to any port = smtp flags S/SA modulate state 26pass in on tun1000000 proto tcp from any to any port = domain flags S/SA modulate state 27pass in on tun1000000 proto tcp from any to any port = auth flags S/SA modulate state 28