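# TODO: Rate-limit inbound ssh connections. Until then, the "services" group
# accepts ssh with no source restriction in the rule.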

# Ports opened for inbound traffic by the "services" group below.
# The names are presumably resolved to port numbers through the services
# database (ssh = 22, mdns = 5353) -- confirm on the target host.
$services = { ssh, mdns }

# Inbound rules for services offered by this host. The group names no
# interface, and the rule has no "from" clause, so nothing here limits which
# interface or source address may reach these ports.
# The rule pairs both protocols with every port in $services, so as written it
# also admits ssh over UDP and mdns over TCP.
# NOTE(review): ssh only needs TCP and mDNS normally runs over UDP; one rule
# per protocol/port pair would keep the opened surface to what is used.
# NOTE(review): mDNS is a link-local protocol; consider restricting it to the
# local segment rather than accepting it from any source.
group "services" in {
      pass stateful proto { tcp, udp } to any port $services
}

# Inbound ICMP allowed on all interfaces (the group names none).
group "icmp" in {
      # IPv4: accept echo (ping) from any source.
      pass stateful proto icmp icmp-type echo all

      # IPv6: accept echo plus the Neighbor Discovery messages listed below
      # (router solicitation/advertisement, neighbour solicitation/advertisement).
      # NOTE(review): accepting router solicitations inbound is normally only
      # needed when this host acts as a router -- confirm it is required.
      # NOTE(review): router and neighbour advertisements are accepted from any
      # source; these are on-link messages, so a link-local source restriction
      # would narrow who can influence routing and neighbour state.
      # NOTE(review): ICMPv6 Packet Too Big (type 2) is not listed; confirm that
      # state tracking admits it for established flows, otherwise path MTU
      # discovery over IPv6 can fail.
      pass stateful proto ipv6-icmp icmp-type echo all
      pass stateful proto ipv6-icmp icmp-type rtsol all
      pass stateful proto ipv6-icmp icmp-type rtadv all
      pass stateful proto ipv6-icmp icmp-type neighsol all
      pass stateful proto ipv6-icmp icmp-type neighadv all
}

# Loopback: pass everything arriving on lo0, whatever the protocol or port.
# Only the inbound direction is covered here; outbound loopback traffic is
# left to the outbound rule in the default group.
group "localhost" in on lo0 {
      pass stateful all
}

# Fallback policy for traffic not handled by the groups above.
# "block all" is listed first and the outbound pass second; neither rule is
# marked "final".
# NOTE(review): this ordering relies on NPF choosing the last matching rule,
# so outbound traffic is passed (with state, which presumably admits the
# replies) and everything else reaching this group is dropped -- confirm
# against npf.conf(5) before reordering or adding rules here.
# NOTE(review): outbound traffic is unrestricted; if egress filtering is a
# requirement for this host, this is the rule to narrow.
group default {
      block all

      pass stateful out all
}