##
## simple pf rules
##

ext_if="hme0"

scrub in

# block everything inbound
block in log

# allow established traffic back in
pass out keep state

# allow the loop back interface
pass in on lo0 to lo0 keep state

# allow icmp
pass in on $ext_if proto icmp to ($ext_if) keep state

# allow ssh inbound
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state