OpenBSD Packet Filter (pf) is a stateful packet filter firewall. pf was developed for OpenBSD, but has been ported to many other operating systems. This quickstart guide outlines several useful commands and techniques to assist debugging pf.
To enable pf at boot, add pf_enable=yes to /etc/rc.conf:
# sysrc pf_enable=yes
Start pf manually.
# pfctl -e
Show the current ruleset.
# pfctl -sr
Show everything possible.
# pfctl -sa
Stop pf.
# pfctl -d
Disable pf at boot.
# rcctl disable pf
This trivial example will allow SSH into the server while blocking everything else. Add the following to /etc/pf.conf.
block all
pass out proto tcp to any port 22 keep state
See the pf documentation for more details.