;;; Drop invalid connections
chain=forward in-interface=LAN2 connection-state=invalid action=drop
;;; Allow established connections
chain=forward in-interface=LAN2 connection-state=established action=accept
;;; Allow only 40 connections
chain=forward in-interface=LAN2 protocol=tcp connection-limit=40,24 connection-state=new action=reject

;;; Drop invalid connections
chain=forward in-interface=LAN2 connection-state=invalid action=drop
;;; Allow only 40 connections
chain=forward in-interface=LAN2 protocol=tcp tcp-flags=syn connection-limit=40,24 action=reject reject-with=tcp-reset
;;; Allow established connections
chain=forward in-interface=LAN2 connection-state=established action=accept

;;; Allow established connections
chain=forward in-interface=LAN2 connection-state=established action=accept