#
# Only allow TCP packets in/out of le0 if there is an outgoing connection setup
# somewhere, waiting for it.
#
pass out quick on le0 proto tcp from any to any flags S/SAFR keep state
block out on le0 proto tcp all
block in on le0 proto tcp all
#
# allow nameserver queries and replies to pass through, but no other UDP
#
pass out quick on le0 proto udp from any to any port = 53 keep state
block out on le0 proto udp all
block in on le0 proto udp all