1block in all 2block out all 3pass out proto udp from any to any keep state 4pass out proto tcp from any to any flags S keep state 5