# ruleset based on section 9.1 from www.obfuscation.org/ipf

# allow all on localhost
pass in quick on lo0 all
pass out quick on lo0 all

# default deny stance: everything not explicitly passed below is dropped
block in all
block out all

#
# incoming connections to allow
#

# allows for auth (ident)
pass in quick proto tcp from any to any port = 113 keep state

# allows for smtp
pass in quick proto tcp from any to any port = 25 flags S keep state

# allows for ssh
pass in quick proto tcp from any to any port = 22 flags S keep state

# allows for ftp (active-mode data channel: remote server connects back
# from port 20 into the local 40000-44999 range)
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S keep state

# allow vnc
pass in quick proto tcp from any to any port = 5801 flags S keep state
pass in quick proto tcp from any to any port = 5901 flags S keep state

# allow httpd
pass in quick proto tcp from any to any port = 80 flags S keep state

# now for a total default deny ("log first" logs only the first packet of a
# session rather than every blocked packet)
block in log first quick all

#
# outgoing connections to allow
#
pass out quick proto tcp/udp from any to any keep state keep frags
pass out quick proto icmp from any to any keep state