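# /etc/pf.conf
# Simple filtering: default-deny inbound, SSH allowed in, stateful tcp/udp out.
# Last Modified: Sat 07 Jul 2007 09:48:57 PM MDT
#
# pf evaluates rules top to bottom and the LAST matching rule wins, except
# that a rule marked "quick" ends evaluation immediately.

# --- Macros ---
ext_if = "bfe0"

# NOTE(review): priv_nets is defined but no rule references it. It is kept
# for anyone who wants to add source filtering later; before blocking these
# ranges on $ext_if, confirm the host does not sit on a 192.168.0.0/16 LAN,
# or legitimate local traffic (including SSH) would be cut off.
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16 }"

# --- Options ---
# "return" would answer blocked packets (TCP RST / ICMP unreachable).
#set block-policy return
# Just drop blocked packets silently.
set block-policy drop

# --- Normalization ---
# Normalize incoming packets.
scrub in all

# --- Filtering ---
# Loopback traffic is okay; "quick" keeps the block rule below from applying.
pass quick on lo0 all

# Block everything inbound unless a later rule passes it.
block in all

# Allow incoming ssh.
# "flags S/SA" lets only an initial SYN create state, so a stray mid-stream
# segment cannot open a state entry; newer pf versions apply this by default.
# NOTE(review): the source is "any". If the set of admin addresses is known,
# narrow it, or rate-limit with max-src-conn-rate and an overload table.
# $ext_if as an address is resolved when the ruleset loads; write ($ext_if)
# if the interface address can change (e.g. DHCP) -- TODO confirm.
pass in on $ext_if proto tcp from any to $ext_if port 22 flags S/SA keep state

# Allow all outgoing tcp/udp; state entries let the replies back in.
# NOTE(review): there is no "block out", so other outbound traffic (e.g. ICMP)
# leaves via pf's implicit pass without state and its replies are dropped by
# "block in all".
pass out on $ext_if proto { tcp, udp } all keep state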