ext_if="em0"
ip="some_ip"
slaves="some_network/27"
scrub in all
block in log all
pass out quick all keep state
#Local
pass in quick on lo0 from any to any keep state
pass in quick on $ext_if from $slaves to $ip keep state
#SSH
pass in on $ext_if proto tcp from any to $ip port 22 keep state
#WWW
pass in on $ext_if proto tcp from any to $ip port 80 keep state
#DNS
pass in on $ext_if proto {tcp,udp} from any to $ip port 53 keep state