<filter name='tck-testcase'>
  <uuid>0a5288ea-612c-834a-6bbf-82a03a1a3244</uuid>

  <!-- VM outgoing: allow all established and related connections -->
  <rule action='accept' direction='out' priority='100'>
    <all state='ESTABLISHED,RELATED'
         comment='out: existing and related (ftp) connections'/>
  </rule>

  <!-- VM incoming: allow all established connections -->
  <rule action='accept' direction='in' priority='100'>
    <all state='ESTABLISHED'
         comment='in: existing connections'/>
  </rule>

  <!-- allow incoming ssh and ftp traffic -->
  <rule action='accept' direction='in' priority='200'>
    <tcp dstportstart='21' dstportend='22' state='NEW'
         comment='in: ftp and ssh'/>
  </rule>

  <!-- allow incoming ICMP (ping) packets -->
  <rule action='accept' direction='in' priority='300'>
    <icmp state='NEW' comment='in: icmp'/>
  </rule>

  <!-- allow outgong DNS lookups -->
  <rule action='accept' direction='out' priority='300'>
    <udp dstportstart='53' state='NEW' comment='out: DNS lookups'/>
  </rule>

  <!-- drop all other traffic -->
  <rule action='drop' direction='inout' priority='1000'>
    <all comment='inout: drop all non-accepted traffic'/>
  </rule>

</filter>