## IPFilter ruleset: default-deny on the Internet side, explicit allows below.
## fxp0 being the internet facing interface
## tun0 being the cvpn tunnel interface
##
## How the rules combine: the block rules below carry no "quick", so they
## only set the fallback verdict; every pass rule further down is "quick"
## and ends evaluation as soon as it matches. Keep that shape when adding
## rules -- a non-quick pass placed here would be evaluated differently.
##
## fxp0 is blocked in BOTH directions by default, tun0 only inbound.
## NOTE(review): none of the block rules use "log", so dropped packets
## leave no trace in ipmon; consider "block in log ..." if drops should
## be auditable.
block in on fxp0 all
block out on fxp0 all
block in on tun0 all
## Outbound default-deny on tun0 is disabled (rule left commented out), so
## outbound tun0 traffic not matched below gets ipf's default verdict.
## NOTE(review): that default is presumably "pass" unless the kernel was
## built to block by default -- confirm on this host.
#block out on tun0 all
## dns
##
## "flags S" restricts the TCP rules to the opening SYN; "keep state" then
## admits the rest of that connection (and UDP replies) via the state table.
## The outbound pair lets this host send queries to any resolver.
pass out quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from any to any port = 53 keep state
## The inbound pair accepts traffic destined to port 53 from ANY source.
## Replies to the outbound queries above are already covered by keep state,
## so these are only needed if a DNS service is reachable through fxp0.
## NOTE(review): if that service is a recursive resolver, this exposes it
## to the whole Internet -- confirm it is intended, or narrow "from any".
pass in quick on fxp0 proto tcp from any to any port = 53 flags S keep state
pass in quick on fxp0 proto udp from any to any port = 53 keep state
## allow ssh/scp/sftp from internet (first rule) and to internet (second)
##
## NOTE(review): inbound source is "any"; restricting it to known
## addresses would shrink the exposure of sshd to password guessing.
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 22 flags S keep state
## allow http to/from internet
##
## Only port 80 is opened. With "block out on fxp0 all" above, outbound
## HTTPS (443) is not permitted by any rule shown in this file.
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass out quick on fxp0 proto tcp from any to any port = 80 flags S keep state
## allow tinc/cvpn from internet (and to it) on port 655, TCP and UDP
##
## No "flags S" here: the rule covers tcp/udp together, so any TCP packet
## to port 655 can create state, not just an initial SYN.
pass in quick on fxp0 proto tcp/udp from any to any port = 655 keep state
pass out quick on fxp0 proto tcp/udp from any to any port = 655 keep state
## allow pings to internet
##
## icmp-type 8 is echo request. Outbound only: there is no matching
## "pass in" on fxp0, so pings arriving from the Internet hit the default
## block; echo replies to our own pings return via keep state.
pass out quick on fxp0 proto icmp from any to any icmp-type 8 keep state
#####################################################
#####################################################
## tun0
## pings in and out
##
## Echo requests are allowed in both directions across the tunnel.
pass in quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state
## irc
##
## Disabled rule, kept for reference (outbound IRC over the tunnel).
#pass out quick on tun0 proto tcp from any to any port = 6667 flags S keep state
## dns
##
## Same shape as the fxp0 DNS rules: queries out, and port 53 reachable
## inbound from any tunnel peer. Everything else inbound on tun0 (other
## than the echo requests above) falls to "block in on tun0 all".
pass out quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass out quick on tun0 proto udp from any to any port = 53 keep state
pass in quick on tun0 proto tcp from any to any port = 53 flags S keep state
pass in quick on tun0 proto udp from any to any port = 53 keep state