reset input=drop
for input
  on icmp ping accept
  on state connected accept
  on in-int lo accept
  on tcp dport 22 accept
  on tcp dport ident reject