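#!/bin/sh
#
# Loads a small ipfw ruleset for a host with one inside interface (vx0)
# and a tunnel uplink (tun0): everything is allowed locally, outbound TCP
# may be initiated, DNS is pinned to two resolvers, ident is reset, and
# all remaining traffic is denied and logged.
#
# Requires: /sbin/ipfw (FreeBSD ipfw); must run as root.
#
# Defect fixed: the original flushed the live ruleset and then issued the
# "add" commands without checking any of them, so a single failing add
# silently left the host running a partial ruleset plus the kernel's
# default rule.  Now the ipfw binary is verified before the flush, every
# command is checked (set -e), and a failed load is reported on stderr.
set -eu

readonly fwcmd="/sbin/ipfw"

# Print a loud diagnostic if we exit non-zero; the ruleset is then partial.
on_exit() {
  rc=$?
  if [ "$rc" -ne 0 ]; then
    printf 'ipfw ruleset load FAILED (status %d); rules may be partially loaded\n' "$rc" >&2
  fi
}
trap on_exit EXIT

# Check the tool exists BEFORE flushing so a bad path cannot touch the
# running rules.
if [ ! -x "$fwcmd" ]; then
  printf '%s: not found or not executable\n' "$fwcmd" >&2
  exit 1
fi

# Force a flushing of the current rules before we reload.
"$fwcmd" -f flush

# Allow all data from my network card and localhost.
"$fwcmd" add allow ip from any to any via lo0
"$fwcmd" add allow ip from any to any via vx0

# Allow all connections that I initiate.
"$fwcmd" add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.
# NOTE: "established" matches on TCP flag bits (ACK/RST), not on a tracked
# connection, so any inbound tun0 segment carrying those bits passes here.
# A keep-state/check-state pair would be the stricter, stateful form.
"$fwcmd" add allow tcp from any to any via tun0 established

# This sends a RESET to all ident packets.
"$fwcmd" add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.
"$fwcmd" add allow udp from any to 195.5.27.244 53 out xmit tun0
"$fwcmd" add allow udp from any to 195.5.6.10 53 out xmit tun0

# Allow them back in with the answers...
# These are stateless: any UDP datagram from these addresses with source
# port 53 is accepted, whether or not a query was sent.
"$fwcmd" add allow udp from 195.5.27.244 53 to any in recv tun0
"$fwcmd" add allow udp from 195.5.6.10 53 to any in recv tun0

# Deny all the rest.  Numbered just below the kernel default rule (65535)
# so it catches everything regardless of that rule's compiled-in policy.
"$fwcmd" add 65435 deny log ip from any to any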