Mine
public text v1 · immutableIPF="ipfw -q add"
ipfw -q -f flush
# replace this with your interface (eg: em0, re0, fxp0)
PIF="re0"
$IPF 40 deny log tcp from any to any in tcpflags fin,psh,urg recv $PIF
$IPF 41 deny log tcp from any to any in tcpflags !fin,!syn,!rst,!psh,!ack,!urg recv $PIF
$IPF 42 deny log tcp from any to any in tcpflags syn,fin recv $PIF
$IPF 43 deny log tcp from any to any in tcpflags fin,rst recv $PIF
$IPF 44 deny log ip from any to any in ipoptions ssrr,lsrr,rr,ts recv $PIF