Dynamic handle configuration is the simplest choice. Only create a DHCP client on the public interface.The main rule accepts packets from already established connections, assuming They may be Risk-free not to overload the CPU. The next rule drops any packet that link tracking identifies as invalid. After that, we create normal acknowledge policies