¿Estas reglas parecen ser un comienzo adecuado?
_interface="en1"
_linode="66.228.57.75" #lish-atlanta.linode.com
_ssh=" { 74.207.224.182 66.175.210.225 } "
set block-policy drop
set skip on lo0
set state-policy if-bound
set loginterface $_interface
set require-order yes
scrub out
scrub in
antispoof quick for { vboxnet0 lo0 $_interface }
block in log
block out log
pass out quick on vboxnet0 proto { tcp udp } to 192.168.56.101 port { 22 }
pass in quick on $_interface proto { udp } to port { 68 }
#pass out quick on $_interface proto { tcp udp } to any
pass out quick on $_interface proto { udp } to any port { 53 67 }
pass out quick on $_interface proto { tcp udp } to any port { 80 443 }
pass out quick on $_interface proto tcp to $_linode port 22
pass out quick on $_interface proto tcp to $_ssh port 47
¿Puede alguien darme más sugerencias sobre una buena configuración básica?