#
# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
# somewhere, waiting for it.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# allow nameserver queries and replies to pass through, but no other UDP
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all