ext_if="re0"int_if="re1"tcp_srv="{ www, https }"udp_srv="{ sip, 10000:20

1. ext_if="re0"
2. int_if="re1"
3.  
4. tcp_srv="{ www, https }"
5. udp_srv="{ sip, 10000:20000 }"
6.  
7. set skip on lo
8.  
9. # route lan to wan
10. pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
11.  
12. # allow access to services from wan
13. pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_srv synproxy state
14. pass in on $ext_if proto udp from any to ($ext_if) port $udp_srv
15.  
16. # allow egress
17. pass out on $ext_if from ($ext_if) to any modulate state
18.  
19. # allow in/out for lan
20. pass on $int_if modulate state
21.  
22. block all