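#
# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
# somewhere, waiting for it.
#
# "flags S/SAFR" matches only packets with SYN set and ACK, FIN and RST clear,
# i.e. the first packet of a new connection. "keep state" creates a state entry
# so that the rest of that connection, including replies, is passed.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# Allow nameserver queries and replies to pass through, but no other UDP.
# Replies are admitted through the state entry created by the outgoing query.
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all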