# don't filter on the loopback interface
set skip on lo

# scrub incoming packets
scrub in

# block spoofed packets
antispoof quick for { lo vic0 }

# set up a default deny policy
block all

# allow outbound access to anywhere
pass out

# enable services:
# ping
pass in inet proto icmp icmp-type echoreq
# ssh
pass in proto tcp to port ssh
# ftp-port (active-mode FTP data connections)
# note: this matches any inbound TCP connection whose source port is ftp-data,
# whatever the destination port
pass in proto tcp from port ftp-data