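# Host firewall ruleset for interface eth0 (pf-style syntax: pass/block,
# "me" = this host, [hostname] = resolved host, "established" = TCP reply
# flag). Default posture is deny-all in both directions; everything below
# is an explicit exception. Rules are restored one per line here: on the
# collapsed single-line form the leading "#" would comment out the whole
# file and no rule would load.
#
# NOTE(review): reply rules in this file are written as static inbound
# allows rather than stateful ones; each "pass in" therefore accepts any
# packet whose source port matches, solicited or not. Where noted below,
# tightening the destination port or adding "established" (already used
# by the RDP rule at the end) would narrow that window — confirm the
# parser accepts "established" on those rules before relying on it.

# drop packets composed of small fragments
option small_frags on eth0

# default behavior = deny everything
block in on eth0 all
block out on eth0 all

# allow DNS resolution to our nameserver
# NOTE(review): the inbound rule accepts UDP from ANY source with source
# port 53 to ANY local port; pinning the source to the nameserver's
# address would match the comment's intent more closely.
pass out on eth0 proto udp from me to any port = 53
pass in on eth0 proto udp from any port = 53 to me

# retired HTTP rules (kept for reference; the per-host rules below
# replaced them)
# pass out on eth0 proto tcp from 192.168.1.100 to any port = 80
# pass in on eth0 proto tcp from any port = 80 to 192.168.1.100
# pass out on eth0 proto tcp from me to any port = 80
# pass in on eth0 proto tcp from any port = 80 to me

# NOTE(review): broadest rule in the set — every protocol and every port,
# both directions, to/from the 128.198.1.0/24 subnet. Confirm this scope
# is intended rather than a specific service on that subnet.
pass out on eth0 from me to 128.198.1.0/24
pass in on eth0 from 128.198.1.0/24 to me

# SSH CLIENT - WINDOM.UCCS.EDU
# outbound SSH from an ephemeral local port; the reply rule is bound to
# the same port range
pass out on eth0 proto tcp from me port > 1023 to [windom.uccs.edu] port = 22
pass in on eth0 proto tcp from [windom.uccs.edu] port = 22 to me port > 1023
# END - SSH CLIENT - WINDOM.UCCS.EDU

# SFTP CLIENT - VIVA.UCCS.EDU
pass out on eth0 proto tcp from me port > 1023 to [viva.uccs.edu] port = 22
pass in on eth0 proto tcp from [viva.uccs.edu] port = 22 to me port > 1023
# END - SFTP CLIENT - VIVA.UCCS.EDU

# HTTP to a fixed list of web hosts
# NOTE(review): unlike the SSH pairs above, these inbound reply rules have
# no "port > 1023" destination constraint and no "established", so a packet
# from these hosts with source port 80 reaches any local port. Bracketed
# hostnames are resolved by the firewall; when that resolution happens
# (load time vs. per packet) is not shown here — confirm.
pass out on eth0 proto tcp from me to [slashdot.org] port = 80
pass in on eth0 proto tcp from [slashdot.org] port = 80 to me
pass out on eth0 proto tcp from me to [www.yahoo.com] port = 80
pass in on eth0 proto tcp from [www.yahoo.com] port = 80 to me
pass out on eth0 proto tcp from me to [www.uccs.edu] port = 80
pass in on eth0 proto tcp from [www.uccs.edu] port = 80 to me
pass out on eth0 proto tcp from me to [www.google.com] port = 80
pass in on eth0 proto tcp from [www.google.com] port = 80 to me

# duplicate of the active slashdot.org pair above; left commented
# pass out on eth0 proto tcp from me to [slashdot.org] port = 80
# pass in on eth0 proto tcp from [slashdot.org] port = 80 to me

# stats on eth0

# HTTPS rules for 192.168.1.100 (disabled)
# pass out on eth0 proto tcp from 192.168.1.100 to any port = 443
# pass in on eth0 proto tcp from any port = 443 to 192.168.1.100

# DHCP client (68) <-> DHCP server (67)
pass out on eth0 proto udp from any port = 68 to any port = 67
pass in on eth0 proto udp from any port = 67 to any port = 68

# allow inbound ICMP traffic (ping)
#
# NOTE(review): in the source as received, the echorep rule directly
# follows a bare "#" and its "pass out ... echo" partner is commented out,
# which suggests both may have been meant to be disabled together. It is
# kept active here exactly as found — confirm which state is intended,
# since an active echorep rule alone admits unsolicited echo replies.
pass in on eth0 proto icmp from any to any icmp-type echorep
# pass out on eth0 proto icmp from any to any icmp-type echo

# allow RDP (Terminal Services) administration from our administration subnet
# (disabled; note the "established" flag on the reply rule)
# pass in on eth0 proto tcp from 10.42.42.0/24 port > 1024 to 192.168.1.1 port = 3389
# pass out on eth0 proto tcp from 192.168.1.1 port = 3389 to 10.42.42.0/24 port > 1024 established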