Adding some system-wide things

my_etc/npf.conf

@@ -0,0 +1,21 @@
+# TODO: Allow in ICMP(v6) by message type
+# TODO: Rate-limit ssh
+
+# ICMP(v6)
+alg "icmp"
+
+group "services" in on vioif0 {
+      pass stateful proto tcp to any port ssh
+}
+
+group "localhost" in on lo0 {
+      pass stateful all
+}
+
+group default {
+      # Default rule
+      block all
+
+      # Let it goooooo
+      pass stateful out all
+}

my_usr/pkg/etc/doas.conf

@@ -0,0 +1 @@
+permit persist keepenv setenv { PATH } :wheel