1# block all ICMP packets. 2# 3block in proto icmp all 4# 5# allow in ICMP echos and echo-replies. 6# 7pass in on le1 proto icmp from any to any icmp-type echo 8pass in on le1 proto icmp from any to any icmp-type echorep 9# 10# block all ICMP destination unreachable packets which are port-unreachables 11# 12block in on le1 proto icmp from any to any icmp-type unreach code 3 13