set block-policy return
set skip on lo0

block in
pass out

pass in quick inet proto icmp
pass in quick inet6 proto icmp6

<% @firewall_rules.each do |rule| -%>
<%   rule = /(tcp|udp)\/([\d:]+)( .+)?/.match(rule) -%>
pass in quick proto <%= rule[1] %><% if rule[3] %> from<%= rule[3] %><% end %> to port <%= rule[2] %>
<% end -%>
<% @firewall_custom.each do |rule| -%>
<%= rule %>
<% end -%>