So far I can get Solaris to block everything, but not selective. Here are the rules I use:
# block short packets which are packets fragmented too short to be real. block in log quick all with short # Allow ssh pass in quick on iprb0 proto tcp from any to 0/32 port = 22 flags S keep state group 100 # Allow anything out pass out all # Allow nothing else in block in all
