The ipfw firewall: how do I make sense of it?

Alexandr3
If only someone would show an IPFW config like this...

Anyway, FreeBSD 8.1 + ISPmanager:
firewall.conf

add allow ip from any to any via lo0
add check-state

add reset tcp from any to any established
add deny log tcp from any 135-139,445,543 to any

# allow HTTP traffic
add allow tcp from any to me 80 setup in keep-state
add allow tcp from any to me 8080 setup in keep-state
add allow tcp from any to me 443 setup in keep-state

# limit connections HTTP&HTTPS
add allow tcp from any to me dst-port 80 limit src-addr 12
add allow tcp from any to me dst-port 8080 limit src-addr 12
add allow tcp from any to me dst-port 443 limit src-addr 12

# allow DNS
add allow udp from any to me 53 in keep-state
add allow tcp from any to me 53 setup in keep-state

# allow SMTP
add allow tcp from any to me 25 setup in keep-state
add allow tcp from any to me 22 setup in keep-state

# limit connections SMTP
add allow tcp from any to me dst-port 25 limit src-addr 12

# allow FTP
add allow tcp from any to me 21 setup in keep-state
add allow tcp from any to me 20 setup in keep-state
add allow tcp from me 20 to any setup out keep-state

# limit connections FTP
add allow tcp from any to me dst-port 21 limit src-addr 12
add allow tcp from any to me dst-port 20 limit src-addr 12

# allow SSH
add allow tcp from any to me dst-port 22
#add deny tcp from any to me dst-port 3178

#allow POP3
add allow tcp from any to me 110 setup in keep-state

#allow IMAP
add allow tcp from any to me 143 setup in keep-state

# allow ping
add allow icmp from any to me icmptypes 8 in keep-state

# allow traffic to server
add allow tcp from me to any setup out keep-state
add allow ip from me to any out keep-state
add allow tcp from any to me setup in keep-state
add allow ip from any to me in keep-state

#add allow tcp from any to me dst-port 3178

# defecating traffic
add deny log ip from any to any not verrevpath in
add reject tcp from any to any not established tcpflags fin
add reject tcp from any to any tcpflags fin,syn,rst,psh,ack,urg
add reject tcp from any to any tcpflags !fin,!syn,!rst,!psh,!ack,!urg

# deny everything else
add deny tcp from any to any setup
add deny ip from any to any
The config was taken from Google and slightly extended.
# ipfw show
at the end shows:
deny ip from any to any
allow ip from any to any
The last rule is the one in effect.
Apparently that is how IPFW is set up in the kernel by ISPmanager.
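An added audit script, not from the post or from ISPmanager, that parses `ipfw list` output and reports the two things behind what the poster sees: the action of default rule 65535 (an `allow` there means the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT) and inbound catch-all `allow ip from any to me` rules that stop every deny placed after them from ever matching. The sample rule list is constructed from the post's config; rule numbers are assumed.

```python
import re

# Constructed `ipfw list` output modelled on the post's rule set (numbers are the
# 100-step defaults `ipfw add` assigns; this is not output from a real host).
SAMPLE_IPFW_LIST = """\
00100 allow ip from any to any via lo0
00200 check-state
00300 allow tcp from any to me 80 setup in keep-state
03200 allow tcp from me to any setup out keep-state
03300 allow ip from me to any out keep-state
03400 allow ip from any to me in keep-state
03500 deny log ip from any to any not verrevpath in
03600 deny tcp from any to any setup
03700 deny ip from any to any
65535 allow ip from any to any
"""

ALLOW = {"allow", "accept", "pass", "permit"}
DENY = {"deny", "drop", "reject", "reset", "unreach"}
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s*(.*)$")
CATCH_ALL_RE = re.compile(r"^(?:log\s+)?ip from any to (?:me|any)(?:\s|$)")

def parse_rules(text):
    """Return [(number, action, body)] for each rule line of `ipfw list` output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return rules

def default_rule_action(rules):
    """Action of rule 65535: 'deny' is the stock kernel default, 'allow' means the
    kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT (open unless a rule denies)."""
    return next((action for num, action, _ in rules if num == 65535), None)

def shadowing_allows(rules):
    """Inbound catch-all allows (`ip from any to me|any`, no `via`, not `out`) that sit
    before deny/reject rules. ipfw stops at the first match, so inbound packets to the
    host never reach those later rules. Returns [(allow_rule, [shadowed_rules])]."""
    findings = []
    for num, action, body in rules:
        tokens = body.split()
        if (num == 65535 or action not in ALLOW or not CATCH_ALL_RE.match(body)
                or "via" in tokens or "out" in tokens):
            continue
        shadowed = [n for n, a, _ in rules if num < n < 65535 and a in DENY]
        if shadowed:
            findings.append((num, shadowed))
    return findings
```

On a real host feed it `ipfw list` output instead of the constructed sample; a catch-all allow reported before the deny block means the deny rules are dead, whatever rule 65535 says.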