1*0Sstevel@tonic-gate#
2*0Sstevel@tonic-gate# block all TCP packets with only the SYN flag set (this is the first
3*0Sstevel@tonic-gate# packet sent to establish a connection) out of the SYN-ACK pair.
4*0Sstevel@tonic-gate#
5*0Sstevel@tonic-gateblock in proto tcp from any to any flags S/SA
6