1# 2# block all incoming TCP connections but send back a TCP-RST for ones to 3# the ident port 4# 5block in proto tcp from any to any flags S/SA 6block return-rst in quick proto tcp from any to any port = 113 flags S/SA 7# 8# block all inbound UDP packets and send back an ICMP error. 9# 10block return-icmp in proto udp from any to any 11