set ruleset-optimization basic	# reorganize if our rules can be streamlined
set block-policy drop		# ignore all unwelcomed traffic, stealth mode
set state-policy if-bound	# don't allow states to transverce interfaces
set skip on lo			# skip all traffic on loopback interfaces

scrub random-id reassemble tcp	# make an attempt to sanitize all traffic

# block everything by default
block

# allow our traffic to flow normally
pass out all modulate state