Your company is running a DNS test server on the internal network. Access to this server must be blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone trying to contact the server from the outside. Which rule implements the access control but hides the use of IP Filter to the outside?

A.
pass in quick on eri0 from 192.168.0.0/24 to any

B.
block in quick proto udp from any to any port = 53

C.
pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state

D.
block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53