block in on eri0 all head 1
pass in on eri0 proto icmp all group 1
pass out on ed0 all head 1000000
block out on ed0 proto udp all group 1000000