Subject: Re: ipf.conf rulesets for outside firewall.
To: None <rh@vip.at>
From: Alicia da Conceicao <alicia@cyberstation.ca>
List: port-i386
Date: 01/06/2000 13:53:17
Rene Hexel wrote:
>   Basically, what you do is block everything and then let through the
> services you want (the following example uses groups to make things more
> readable):
> block in log on fxp1 all head 100
> block in log proto tcp all flags S/SA head 101 group 100
> block in log proto udp all head 102 group 100
> pass in quick proto tcp from any to any port = 22 keep state group 101
> pass in quick proto udp from any to any port = 22 keep state group 102
> pass in quick proto udp from any to any port = 53 keep state group 102

Hi Rene:

Thank you for your quick response.  Although the above rulesets do the
trick and restrict access from the outside, these rules unfortunately
do not allow the internal LAN or the firewall server itself to access
the outside Internet.  When logged into the firewall, I cannot ping the
outside, or make TCP socket connections either.

Any ideas on what changes I need to make to the above rules so that they
can allow the firewall to access the outside Internet, while restricting
the outside from coming in?

Thanks in advance.  Sincerely, Alicia.
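
An ipf.conf sketch for the symptom described in this message, added here as an example and not part of the original post or any reply on the list. It assumes fxp1 is the outside interface (as in the quoted rules) and relies on IPFilter passing packets that match an existing state entry before it consults the rule list.

```conf
# Added example, not from the original thread.
# Assumption: fxp1 is the outside interface, as in the quoted rules.

# Inbound policy, unchanged from the quoted rules: block and log
# everything arriving on fxp1, then pass only the listed services.
block in log on fxp1 all head 100
block in log proto tcp all flags S/SA head 101 group 100
block in log proto udp all head 102 group 100
pass in quick proto tcp from any to any port = 22 keep state group 101
pass in quick proto udp from any to any port = 22 keep state group 102
pass in quick proto udp from any to any port = 53 keep state group 102

# Outbound: the quoted rules contain no "pass out ... keep state" rule,
# so traffic leaving fxp1 creates no state entry and its replies
# (SYN/ACK, UDP answers, ICMP echo replies) fall into group 100 and
# are blocked. Creating state on the way out lets the matching
# replies back in without opening any inbound port.
pass out quick on fxp1 proto tcp from any to any flags S/SA keep state
pass out quick on fxp1 proto udp from any to any keep state
pass out quick on fxp1 proto icmp from any to any keep state
```

Unsolicited inbound packets still match no state entry and continue to hit the block-and-log rules in group 100.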