tcp_services="{ ssh, http }"icmp_types="echoreq"syn_only="S/FSRA"ext_if="e

1. tcp_services="{ ssh, http }"
2. icmp_types="echoreq"
3. syn_only="S/FSRA"
4. ext_if="em0"
5.  
6. set block-policy drop
7. set loginterface $ext_if
8. set skip on lo
9.  
10. scrub in all
11.  
12. anchor "incoming" in on $ext_if {
13. pass quick inet6 proto icmp6 keep state
14. pass quick inet proto icmp all icmp-type $icmp_types keep state
15. pass quick proto tcp to port $tcp_services flags $syn_only keep state
16. }
17.  
18. anchor "outgoing" out on $ext_if {
19. pass quick keep state
20. }
21.  
22. block in log
23. block out log