#
# pass ack packets (i.e. established connection)
#
pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
#
# block incoming connection requests to my internal network from the big bad
# internet.
#
block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA
# to block the replies:
block out on le0 proto tcp from 10.1.0.0/16 to any flags SA/SA