yes, pf for newbies... sorry
Vim Visual
vim.unix at googlemail.com
Fri Dec 1 12:46:24 PST 2006
I am sorry that I didn't give you the details. Sorry, I was resting on
my laurels (I think there exists, if not this one, a similar expression
in English, right?)...
This is meant to be a simple home firewall to provide very basic NAT,
routing and firewall protection. I have a DSL connection and I am not
providing any service to the external world... here is the whole
file:
-------------------------------------------------------------------------
#set our macros
ext_if="iwi1" #the external interface
int_if="iwi0" #the internal interface
internal_net="192.168.2.0/24" #the LAN written as a network address (host bits clear)
#first, normalize packets we transmit and receive
scrub in all
#then, give NAT to our internal addresses
nat on $ext_if from $internal_net to any -> ($ext_if)
#We want outbound FTP to work properly, so let's enable the
#FTP proxy. Be sure you have ftp-proxy running out of inetd(8)!
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
#We're not doing any packet shaping, so let's go directly to the
#packet filtering. We'll block everything first, and then only
#explicitly allow desirable traffic.
block in log all
#As our client operating systems may be running some godforsaken
#operating system with poor ISN selection, we'll use state modulation.
pass in on $int_if inet from $internal_net to any modulate state
#I'd like to be able to SSH to my network from anywhere
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh keep state
#and, don't forget to allow our ftp-proxy program to connect back to
#the firewall!
pass in on $ext_if inet proto tcp from any to ($ext_if) user proxy keep state
-------------------------------------------------------------------------------------------------------------
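As an added illustration (not part of the original post, and not a pf or OpenBSD tool), the script below audits a ruleset of exactly this shape: it expands the `$macro` references, checks that CIDR macros are written as network addresses rather than host addresses, confirms a `block ... all` default-deny rule exists, and lists every `pass in` rule on the external interface whose source is `any`, i.e. what the whole Internet can reach. It only understands the one-rule-per-line subset used in the post (no lists, continuations or anchors); the embedded ruleset is the posted one.

```python
"""Audit a small pf.conf: expand macros, check CIDR macros, confirm a
default-deny rule, and list inbound rules on the external interface that
accept connections from any source. Hypothetical helper script."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# The ruleset from the post, embedded so the script runs stand-alone.
POSTED_PF_CONF = """\
#set our macros
ext_if="iwi1" #the external interface
int_if="iwi0" #the internal interface
internal_net="192.168.2.1/24"
scrub in all
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
block in log all
pass in on $int_if inet from $internal_net to any modulate state
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh keep state
pass in on $ext_if inet proto tcp from any to ($ext_if) user proxy keep state
"""

# name="value" or name=value, matched after the comment has been stripped
MACRO_RE = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"?(.*?)"?$')
PORT_RE = re.compile(r"\bport\s+(\S+)")


def strip_comment(line: str) -> str:
    """pf.conf comments run from '#' to end of line (no quoted '#' here)."""
    return line.split("#", 1)[0].strip()


def parse_pf_conf(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return (macros, rules); every $macro reference in a rule is expanded.
    Only the one-rule-per-line subset used in the post is handled."""
    macros: Dict[str, str] = {}
    rules: List[str] = []
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # $name -> value; unknown macros stay as-is so they show up in the report
        rules.append(re.sub(r"\$(\w+)",
                            lambda r: macros.get(r.group(1), r.group(0)), line))
    return macros, rules


def network_address_warnings(macros: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Flag CIDR macros with host bits set: 192.168.2.1/24 names a host, the
    network is 192.168.2.0/24. pf applies the mask anyway, but the intent is
    clearer and mistakes are easier to spot in the network form."""
    warnings = []
    for name, value in macros.items():
        if "/" not in value:
            continue
        try:
            ipaddress.ip_network(value, strict=True)
            continue  # already a proper network address
        except ValueError:
            pass
        try:
            fixed = str(ipaddress.ip_network(value, strict=False))
        except ValueError:
            continue  # not an address at all
        warnings.append((name, value, fixed))
    return warnings


def has_default_deny(rules: List[str]) -> bool:
    """True if some 'block ... all' rule exists; placed first, it is the
    default because the last matching pf rule wins."""
    return any(r.startswith("block") and r.split()[-1] == "all" for r in rules)


def exposed_inbound(rules: List[str], ext_if: str) -> List[Tuple[Optional[str], str]]:
    """Inbound pass rules on the external interface whose source is 'any'.
    Returns (port-or-None, rule); None means the rule is not limited by port."""
    found = []
    for r in rules:
        if r.startswith("pass in") and f" on {ext_if} " in r and " from any " in r:
            m = PORT_RE.search(r)
            found.append((m.group(1) if m else None, r))
    return found


def audit(text: str = POSTED_PF_CONF) -> dict:
    macros, rules = parse_pf_conf(text)
    return {
        "macros": macros,
        "rules": rules,
        "network_warnings": network_address_warnings(macros),
        "default_deny": has_default_deny(rules),
        "exposed": exposed_inbound(rules, macros.get("ext_if", "")),
    }


if __name__ == "__main__":
    report = audit()
    for name, value, fixed in report["network_warnings"]:
        print(f"macro {name}={value!r} has host bits set; network form is {fixed}")
    print("default deny present:", report["default_deny"])
    for port, rule in report["exposed"]:
        print(f"reachable from anywhere on port {port or '<any>'}: {rule}")
```

Run against the posted file it reports the host-bits macro, confirms the `block in log all` default, and lists two Internet-reachable rules: the SSH one and the `user proxy` one, which has no port restriction because ftp-proxy binds ephemeral ports; that is intended, but it is the kind of rule worth seeing listed rather than buried in the file.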