#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
table <bruteforce> persist
table <whitelist> persist file "/etc/pf.whitelist"
block return    # block stateless traffic
pass            # establish keep-state
block return in on ! lo0 proto tcp to port 6000:6010
block return out log proto {tcp udp} user _pbuild
block drop in quick from <bruteforce>
pass in quick on egress from <whitelist> keep state
pass in on egress proto tcp to port { 80 443 } \
    keep state (max-src-conn 100, max-src-conn-rate 50/10, \
    overload <bruteforce> flush global)

pass in on egress proto tcp to port { 6667 6697 }