{# pf ~~ templates/pf.conf.j2 #}
{#
  Common pf ruleset rendered by Ansible to /etc/pf.conf.
  Inputs: services.tcp / services.udp (mappings whose values are port
  expressions) and inventory_hostname (selects the per-host sub-config).
  Layout: options, default deny, shared service ports, per-host include,
  then the outbound and ICMP rules.
#}
# pf ~~ /etc/pf.conf

# ========================= #
# common config. by Ansible
# ========================= #

{# Blocked packets are dropped silently; packet/byte statistics are collected for the egress group. #}
set block-policy drop
set loginterface egress
{#
  NOTE(review): pf does no filtering at all on skipped interfaces, so anything
  arriving over tun0 bypasses every rule in this file, including the per-host
  sub-config. Presumably tun0 is a trusted tunnel; confirm per host.
#}
set skip on { lo tun0 }

{# Default deny; every pass rule below is an explicit exception. #}
block all

{#
  One inbound rule per configured port, tcp first and then udp. The mapping keys
  are not used, the values are emitted verbatim, and no source address is given,
  so each port is reachable from any source on the egress group. Because these
  rules are "quick", a later block rule in the per-host sub-config cannot
  narrow them.
#}
{% for proto in ["tcp", "udp"] %}
{% for value in services[proto].values() %}
pass in quick on egress proto {{ proto }} to port {{ value }}
{% endfor %}
{% endfor %}

# ====================== #
# sub-config. by Ansible
# ====================== #

{#
  Per-host rules, looked up by inventory_hostname. The include is not marked
  "ignore missing", so rendering fails for a host without a sub-config file
  instead of silently deploying the common rules alone.
#}
{% include "templates/" ~ inventory_hostname ~ "/etc/pf.conf.j2" %}

# ========================= #
# out. interface by Ansible
# ========================= #

{#
  Outbound traffic is passed for IPv4 only (inet); outbound IPv6 falls through
  to the default deny unless the sub-config passes it.
  NOTE(review): the ICMP rule names no interface and no icmp-type / icmp6-type,
  so every ICMP and ICMPv6 message type is accepted from any source on every
  filtered interface. Confirm this breadth is intended.
#}
pass out quick inet
pass in proto { icmp, icmp6 } all