On Thu, 31 Jul 2003, GV wrote:

> OK, here are some new modifications I did earlier today:
> pf.conf:
> ----------------------
> block in log all
> pass in on $ext_if proto {tcp,udp} from any to $ext_if port {80,22}
> pass in on $ext_if proto {icmp} from any to any
> pass out all
> ---------------------

You're not using scrub, quick, flags, or state. My suggestion:
start with the example ruleset at:


Read the entire guide, following the example ruleset, so you understand
each line. Once you do, simplify[0] the example ruleset to fit your needs.
The example has two interfaces, you've only got one. The example has
nat/rdr, which you won't need.

[0] Or complexify, naturally, as fits the current situation.
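
The four features named in the reply, applied to the quoted single-interface ruleset, as an added example that is not part of the original thread and not the guide's example ruleset. It uses the pf.conf syntax of that era; the interface name `fxp0`, the assumption that ports 22 and 80 are SSH and HTTP over TCP only, and the narrowing of ICMP to echo requests are assumptions, not details from the post.

```conf
# Constructed example. The interface name is an assumption.
ext_if = "fxp0"

# scrub: normalize packets and reassemble fragments before any
# filter rule looks at them.
scrub in all

# Default deny. Not "quick", so later rules can still override it.
block in log all

# Loopback traffic would otherwise hit the default block.
pass quick on lo0 all

# quick: evaluation stops at the first matching rule instead of
#   falling through to whichever rule matches last.
# flags S/SA: only an initial SYN (SYN set, ACK clear) may open a
#   connection, so stray ACK/FIN/RST packets never create state.
# keep state: the state table admits the rest of the connection in
#   both directions, so no separate rule is needed for replies.
pass in quick on $ext_if proto tcp from any to $ext_if \
    port { 22, 80 } flags S/SA keep state

# The quoted ruleset passed every ICMP type to any destination.
# Assumption: only ping needs to be answered.
pass in quick on $ext_if inet proto icmp from any to $ext_if \
    icmp-type echoreq keep state

# Outbound: create state per connection instead of the stateless
# "pass out all", so return traffic is matched against the state
# table rather than needing a permissive inbound rule.
pass out quick on $ext_if proto tcp all flags S/SA keep state
pass out quick on $ext_if proto { udp, icmp } all keep state
```

Parse it with `pfctl -nf /etc/pf.conf` before loading. On current pf releases `flags S/SA keep state` is already the default for pass rules and scrubbing is expressed as an option on a `match` rule, so this file needs adapting there.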

