## macros ###############################################################
ext_if="iwn0"

## filter ###############################################################

## scrub that shit
scrub in all fragment reassemble no-df max-mss 1440

## block that shit
antispoof for $ext_if
block in inet6
block drop in log on $ext_if all

# block the ssh bruteforce bastards
# (the table name is missing from the source; <bruteforce> is a placeholder)
table <bruteforce> persist
block drop in quick on $ext_if from <bruteforce>

## pass that shit
pass out quick on $ext_if inet proto tcp \
    from ($ext_if) to any \
    flags S/SA modulate state

pass out quick on $ext_if inet proto { udp, icmp } \
    from ($ext_if) to any \
    keep state

pass in quick on $ext_if inet proto icmp \
    from any to ($ext_if) \
    keep state