# sshd in from any
# note: "quick" makes the first matching rule final, so this pass rule is
# evaluated before the source-address blocks below
pass in quick on ep0 proto tcp from any to 216.68.250.60/32 port = 22 keep state

# anti-spoofing: drop inbound packets claiming these source ranges
block in quick on any from 192.168.0.0/16 to any
block in quick on any from 10.0.0.0/8 to any
block in quick on any from 127.0.0.0/8 to any
block in quick on any from 0.0.0.0/8 to any
block in quick on any from 169.254.0.0/16 to any
block in quick on any from 192.0.2.0/24 to any
block in quick on any from 204.152.64.0/23 to any
block in quick on any from 224.0.0.0/3 to any

# pass out as if we were a single internet client
pass out quick on ep0 proto tcp from 216.68.250.60/32 to any keep state
pass out quick on ep0 proto udp from 216.68.250.60/32 to any keep state
pass out quick on ep0 proto icmp from 216.68.250.60/32 to any keep state

# dns stuff
pass in log quick proto tcp from any to any port = 53 keep state
pass in log quick proto udp from any to any port = 53 keep state

# pass thru www and ftp
pass in log quick proto tcp from any to any port = www keep state
pass in quick proto tcp from any to any port = ftp keep state
pass in quick proto tcp from any to any port = ftp-data keep state
pass in quick proto tcp from any port = ftp-data to any port > 1023 keep state
pass in log quick proto icmp all keep state