Dynamic deal with configuration is the best choice. Basically set up a DHCP client on the public interface.The 1st rule accepts packets from currently proven connections, assuming They are really Protected to not overload the CPU. The 2nd rule drops any packet that connection tracking identifies as invalid. After that, we setup common acknowledge r