OpenBSD pf

- OpenBSD packet filter config

/etc/pf.conf:

# macros
ext_if="em0"
tcp_services="{ 22, 2222 }"
# options
set skip on lo
# scrub
match in all scrub no-df
# filter rules
block in
pass out keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) \  
port $tcp_services flags S/SA keep state