Dynamic address configuration is the best choice. Only set up a DHCP client on the public interface.

The first rule accepts packets from already established connections, assuming they are safe, so as not to overload the CPU. The second rule drops any packet that connection tracking identifies as invalid. After that, we create regular accept rules for ce