#
# pass ack packets (i.e. established connection)
#
pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
#
# block incoming connection requests to my internal network from the big bad
# internet.
#
block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA
# to block the replies (SYN+ACK) from the internal network:
block out on le0 proto tcp from 10.1.0.0/16 to any flags SA/SA