# ipfw rules: drop SYN+FIN probes and keep private, loopback and
# NetBIOS traffic from leaving through the tunnel interface.

# interface the egress rules are bound to
ext_if="tun0"

# every call goes through quiet mode, exactly as "ipfw -q ..." would
fw() {
  ipfw -q "$@"
}

# Start from an empty ruleset; -f skips the confirmation prompt.
# After the flush only the kernel's default rule is left until the
# rules below are loaded.
# NOTE(review): no allow rules are visible in this fragment - confirm
# what the default rule does on this host.
fw -f flush

# SYN and FIN are never set together in a legitimate segment; the
# combination is typical of scanner / OS-fingerprinting probes.
# Matches inbound packets on any interface. "log" entries reach syslog
# only when net.inet.ip.fw.verbose is enabled.
fw add 00050 deny log tcp from any to any in tcpflags syn,fin

# Egress filter on destination address: RFC 1918 private ranges plus
# loopback (127.0.0.0/8 is not RFC 1918, but is never valid on the
# wire either). These four rules drop silently, without "log".
# NOTE(review): only destinations are matched; source-address
# filtering is not part of this fragment.
fw add 00100 deny ip from any to 10.0.0.0/8 via "$ext_if" out
fw add 00200 deny ip from any to 127.0.0.0/8 via "$ext_if" out
fw add 00300 deny ip from any to 172.16.0.0/12 via "$ext_if" out
fw add 00400 deny ip from any to 192.168.0.0/16 via "$ext_if" out

# NetBIOS must not leave the host: session service (tcp/139),
# datagram service (udp/138), name service (udp/137). Logged, so a
# misconfigured client shows up in the firewall log.
# NOTE(review): tcp/445 (SMB without NetBIOS) is not matched here -
# confirm whether it is handled elsewhere.
fw add 00500 deny log tcp from any to any 139 via "$ext_if" out
fw add 00600 deny log udp from any to any 138 via "$ext_if" out
fw add 00700 deny log udp from any to any 137 via "$ext_if" out