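# Allow a client -> my server.
# NOTE(review): $fw is defined outside this section (presumably the ipfw
# command, possibly with flags). It is left unquoted so that any flags it
# carries are word-split; confirm against its definition.
# NOTE(review): a rule with only `setup` matches just the initial SYN of a
# connection. The rest of each flow has to be passed by a keep-state or
# "established" rule; confirm one exists elsewhere in the ruleset.

# IMAP (143), POP3 (110), POP3 over TLS (995) and SMTP (25).
# `setup` is already shorthand for "tcpflags syn,!ack"; writing
# "tcpflags setup" is not valid ipfw syntax, so plain `setup` is used.
$fw add allow tcp from 192.168.1.57 to me 143 setup
$fw add allow tcp from 192.168.1.57 to me 110 setup
$fw add allow tcp from 192.168.1.57 to me 995 setup
$fw add allow tcp from 192.168.1.57 to me 25 setup

# DNS queries (TCP and UDP).
$fw add allow tcp from 192.168.1.57 to me 53
$fw add allow udp from 192.168.1.57 to me 53

# SSH: only the trusted client may connect; everyone else is denied and the
# attempt is logged. ipfw stops at the first matching rule, so the allow rule
# must stay ahead of the deny rule.
$fw add allow tcp from 192.168.1.57 to me 22 setup
$fw add deny log tcp from any to me 22

# AFP (548) and its service-location port (427).
# The original listed this pair three times; one copy is enough.
$fw add allow tcp from 192.168.1.57 to me 548 setup
$fw add allow tcp from 192.168.1.57 to me 427 setup

# HTTP and HTTPS.
$fw add allow tcp from 192.168.1.57 to me 80,443 setup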
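# Allow my client -> world (packets from the client arriving on en0).
# keep-state creates a dynamic rule so the replies for each flow are accepted.

# HTTP, HTTPS.
$fw add allow tcp from 192.168.1.57 to any 80,443 in via en0 setup keep-state

# DNS queries.
$fw add allow tcp from 192.168.1.57 to any 53 in via en0 setup keep-state
# `setup` tests TCP flags and can never match a UDP packet, so it is dropped
# from the UDP rule; otherwise UDP DNS would not be allowed by this rule.
$fw add allow udp from 192.168.1.57 to any 53 in via en0 keep-state

# SSH, unrestricted destination.
# "tcpflags setup" is not valid ipfw syntax; `setup` alone is the SYN match.
# NOTE(review): unlike the rules above, this one has no keep-state and no
# interface restriction; confirm that is intended.
$fw add allow tcp from 192.168.1.57 to any 22 setup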
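# Allow the world -> server (packets arriving on en2).
# Every rule here exposes a service to any source address, so keep the list
# as short as the server's role requires.

# HTTPS.
$fw add allow tcp from any to me 443 in via en2 setup keep-state

# DNS queries.
# NOTE(review): this opens DNS to every source; confirm the name server does
# not offer recursion to outside hosts.
$fw add allow tcp from any to me 53 in via en2 setup keep-state
# `setup` tests TCP flags and can never match a UDP packet, so it is dropped
# from the UDP rule.
$fw add allow udp from any to me 53 in via en2 keep-state

# SMTP (25) and IMAP (143).
# NOTE(review): 143 is the cleartext IMAP port; confirm the mail server
# requires STARTTLS before authentication.
$fw add allow tcp from any to me 25 in via en2 setup keep-state
$fw add allow tcp from any to me 143 in via en2 setup keep-state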
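# Allow the server -> world: all outbound TCP.
$fw add allow tcp from me to any

# Bandwidth limits (dummynet pipes) for traffic arriving on en2.
# `pipe N` is itself the rule action, so it replaces `allow`; "allow pipe N"
# is not valid ipfw syntax.
# NOTE(review): ipfw stops at the first matching rule. Traffic already
# accepted by an earlier allow rule (for example the SMTP rule for port 25 on
# en2) never reaches these pipe rules; place the pipe rules ahead of those
# allow rules if the limit is meant to apply.

# Limit HTTP to 1 Mbit/s.
# NOTE(review): with `setup` only the initial SYN goes through the pipe;
# confirm whether the whole flow was meant to be shaped.
$fw pipe 1 config bw 1000Kbit/s
$fw add pipe 1 tcp from any to me 80 in via en2 setup

# Limit SMTP to 512 Kbit/s. The original sent this traffic to pipe 1, which
# left pipe 2 unused.
$fw pipe 2 config bw 512Kbit/s
$fw add pipe 2 tcp from any to me 25 in via en2

# Everything else: 512 Kbit/s. The original sent this traffic to pipe 1,
# which left pipe 3 unused.
# NOTE(review): when net.inet.ip.fw.one_pass is 1, a packet leaving a pipe is
# accepted without further rule checks, so this rule admits all remaining
# inbound TCP on en2 to every port on the server. Restrict it to the ports
# that should be reachable, or confirm one_pass is 0 and later rules filter.
$fw pipe 3 config bw 512Kbit/s
$fw add pipe 3 tcp from any to me in via en2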