
Untitled

a guest
May 19th, 2017
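  # pf.conf for a single-interface host: inbound traffic is denied by default,
  # then a fixed set of service and game ports is opened with per-source limits.
  # Sources that exceed the TCP limits are moved into <abusive_hosts> and blocked.

  ext_if="em0"

  # Raise the table ceilings for state entries, fragments and tracked sources.
  # NOTE(review): every state entry costs kernel memory; confirm the host can
  # actually hold 8M states before relying on this limit under load.
  set limit { states 8000000, frags 40000, src-nodes 4000000 }

  # NOTE(review): 3306 is the conventional MySQL port. If a database listens
  # there, consider allowing it only from <trusted_hosts> instead of from any
  # source address.
  service_ports="{ 17353, 3306 }"
  game_ports="{ 11100, 12000, 13000, 14000, 15000, 16000, 18000 }"

  # const: the table contents cannot be altered after the ruleset is loaded.
  table <trusted_hosts> const { 127.0.0.1 89.39.13.6 195.178.102.2 195.178.102.10 }
  # persist: the table is kept even while empty. Entries added by the overload
  # option below never expire on their own; age them out periodically, e.g.
  # with `pfctl -t abusive_hosts -T expire <seconds>`.
  table <abusive_hosts> persist

  # options
  set block-policy drop            # blocked packets are dropped silently
  set loginterface $ext_if         # collect packet/byte statistics for em0
  set skip on lo0                  # no filtering on loopback

  # Normalisation and antispoof are disabled in this ruleset.
  # NOTE(review): with antispoof off, nothing in this file stops a packet that
  # arrives on $ext_if claiming a source address listed in <trusted_hosts>
  # (including 127.0.0.1); consider re-enabling the line below.
  #scrub on $ext_if reassemble tcp no-df random-id

  #antispoof quick for { lo0 $ext_if }

  # Default deny for inbound traffic. Without `quick` the last matching rule
  # wins, so the pass rules further down override this for the listed ports.
  block in

  # Outbound is unrestricted. On $ext_if the second rule is the last match, so
  # outbound TCP there uses modulate state rather than plain keep state.
  pass out all keep state
  pass out on $ext_if all modulate state

  # Trusted sources bypass every later rule: any interface, protocol and port.
  # This trust rests on the source address alone, which is not authenticated.
  # Because it comes first and is `quick`, a trusted address is never caught by
  # the <abusive_hosts> block below.
  pass in quick from <trusted_hosts>
  block in quick from <abusive_hosts>

  # Allow inbound ping (ICMP echo request) only.
  pass in inet proto icmp all icmp-type echoreq

  # TCP services: at most 40 established connections per source and 20 new
  # connections per 5 seconds. A source over either limit is added to
  # <abusive_hosts>, and `flush` kills the states this rule created for it
  # (`flush global` would also kill its states created by other rules).
  pass in on $ext_if proto tcp to any port $service_ports flags S/SA keep state \
      (max-src-conn 40, max-src-conn-rate 20/5, overload <abusive_hosts> flush)

  # TCP game ports: same scheme with a lower ceiling of 20 connections.
  pass in on $ext_if proto tcp to any port $game_ports flags S/SA keep state \
      (max-src-conn 20, max-src-conn-rate 20/5, overload <abusive_hosts> flush)

  # UDP game ports. max-src-conn, max-src-conn-rate and overload only count TCP
  # connections that completed the three-way handshake, so on a UDP rule they
  # never trigger and left this rule without any effective per-source limit.
  # max-src-states caps concurrent states per source address for any protocol.
  # UDP sources are not added to <abusive_hosts>: overload cannot be used
  # without the TCP-only options, and a UDP source address is not confirmed by
  # a handshake.
  pass in on $ext_if proto udp to any port $game_ports keep state \
      (source-track rule, max-src-states 20)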