set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set limit { states 100000, src-nodes 100000, frags 50000 }
set optimization normal
set block-policy return
set skip on lo0
scrub in all

nat on em0 from 192.168.0.0/16 to any -> 80.77.81.43

table <ftp_enable> { 80.77.81.0/24, 80.245.117.18, 195.216.212.77, 195.88.15.0/24, 195.88.14.0/24 }
block in quick on em0 proto tcp from !<ftp_enable> to any port { ftp, ftp-data }

#table <http-dos> persist
#pass in on rl0 proto tcp to (rl0) port http flags S/SA keep state \
#    (max-src-conn 75, max-src-conn-rate 150/2, overload <http-dos> flush)
#block in quick proto tcp from <http-dos> to (rl0) port http

pass in all no state
pass out all no state