#Check packets against the dynamic ruleset, deny all incoming connections, allow all outgoing connections
add 00300 check-state
add 00301 deny tcp from any to any in established
add 00302 allow tcp from any to any out setup keep-state

#Allow DNS lookup
add 00400 allow udp from any 53 to any in
add 00402 allow udp from any to any out

#Allow ICMP - Destination Unreachable
add 00500 allow icmp from any to any icmptypes 3

#Allow source quench in both directions
add 00501 allow icmp from any to any icmptypes 4

#Allow ping out but no ping in
add 00502 allow icmp from any to any icmptypes 8 out
add 00503 allow icmp from any to any icmptypes 0 in

#Allow me to traceroute anyone
add 00504 allow icmp from any to any icmptypes 11 in

#Since I do not allow anyone to ping me back, no one can trace route me