#
# pass ack packets (ie established connection)
#
pass in proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
pass out proto tcp from 10.1.0.0/16 port = 23 to 10.2.0.0/16 flags A/A
#
# block incoming connection requests to my internal network from the big bad
# internet.
#
block in on le0 proto tcp from any to 10.1.0.0/16 flags S/SA
#  to block the replies:
block out on le0 proto tcp from 10.1.0.0/16 to any flags SA/SA