OpenBSD: PF firewall for the paranoid

Block all traffic except for ssh.

/etc/pf.conf

tcp_services = "{ 22 }"
block all
pass out on em0 proto tcp to any port $tcp_services keep state
pass in on em0 proto tcp to any port $tcp_services keep state

Enabling rules:

pfctl -e ; pfctl -f /etc/pf.conf 
pfctl: pf already enabled

Tags: [ pf ]

---