1#
2# block all TCP packets with only the SYN flag set (this is the first
3# packet sent to establish a connection) out of the SYN-ACK pair.
4#
5block in proto tcp from any to any flags S/SA
6