netbsd_dot_files/my_etc/npf.conf

# TODO: Allow in ICMP(v6) by message type
# TODO: Rate-limit ssh

$services = { mdns, ssh }

group "localhost" in on lo0 {
      pass stateful all
}

group default {
      # Default rule
      block all

      pass stateful in proto { tcp, udp } to any port $services

      # Let it goooooo
      pass stateful out all
}