1 pass in from localhost to localhost with short,frags
2 block in from any to any with ipopts
3 pass in from any to any with opt nop,rr,zsu
4 pass in from any to any with opt nop,rr,zsu not opt ssrr,lsrr
5 pass in from localhost to localhost and not frag
6 pass in from localhost to localhost with frags,frag-body
7 pass in proto tcp all flags S with not oow keep state
8 block in proto tcp all with oow
9 pass in proto tcp all flags S with not bad,bad-src,bad-nat
10 block in proto tcp all flags S with bad,not bad-src,not bad-nat
11 pass in quick all with not short
12 block in quick all with not nat
13 pass in quick all with not frag-body
14 block in quick all with not lowttl
15 pass in all with mbcast,not bcast,multicast,not state,not ipopts
16 block in all with not mbcast,bcast,not multicast,state
17 pass in from any to any with opt mtur,mtup,encode,ts,tr,sec,cipso,satid,ssrr,visa,imitd,eip,finn,dps,sdb,nsapa,rtralrt,ump,addext,e-sec