group default { # Allow loopback traffic pass in final on lo0 all pass out final on lo0 all # Allow incoming and outgoing traffic on wm0 pass in final on wm0 all pass out final on wm0 all # Block incoming SSH connections block in final proto tcp from any to any port 22 # Allow outgoing secured Internet connections (HTTPS and SSL/TLS) pass stateful out final proto tcp flags S/SA from any to any port {443, 465, 563, 636, 993, 995} # Allow incoming and outgoing Irssi connections pass in final proto tcp from any to any port 6667 pass out final proto tcp from any to any port 6667 # Block all other incoming traffic block in final all }