Manuel Bouyer <bouyer@antioche.lip6.fr> writes:

> pass out on ppp0 all keep state
> block in on ppp0 all
> 
> Because outgoing connections have been recorded by the first rule,
> they're not blocked by the second.
> 
> Now, with this you'll only have TCP connections working. You may
> want to let UDP and ICMP pass in, so that ping and DNS works.

UDP keeps state too...

--Michael