Filtering for services (cont)

The obvious macros

webserver = "192.0.2.227"
webports = "{ http, https }"
emailserver = "192.0.2.225"
email = "{ smtp, pop3, imap, imap3, imaps, pop3s }"
nameservers = "{ 192.0.2.221, 192.0.2.223 }"

and rules that use them

pass proto tcp to $webserver port $webports 
pass proto tcp to $emailserver port $email 
pass log proto tcp from $emailserver to port smtp 
pass inet proto { tcp, udp } to $nameservers port domain
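
When the ruleset is loaded, each macro is substituted as text and each { } list multiplies its rule into one rule per member, so the four lines above permit more than they appear to. The sketch below is an added example, not part of the original slides: it expands the slide's macros and rules into the single-valued rules they stand for, which is the list to audit. It is a simplified expander written for this illustration, not pfctl's parser; it handles only quoted macros and flat lists, and its output order is an assumption.

```python
import itertools
import re

# The macros and rules from the slide, embedded so the sketch runs offline.
PF_CONF = """
webserver = "192.0.2.227"
webports = "{ http, https }"
emailserver = "192.0.2.225"
email = "{ smtp, pop3, imap, imap3, imaps, pop3s }"
nameservers = "{ 192.0.2.221, 192.0.2.223 }"

pass proto tcp to $webserver port $webports
pass proto tcp to $emailserver port $email
pass log proto tcp from $emailserver to port smtp
pass inet proto { tcp, udp } to $nameservers port domain
"""

MACRO_DEF = re.compile(r'^(\w+)\s*=\s*"(.*)"$')
MACRO_REF = re.compile(r"\$(\w+)")
BRACE_LIST = re.compile(r"\{([^{}]*)\}")


def expand(conf):
    """Return one single-valued rule per combination of list members."""
    macros, rules = {}, []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        definition = MACRO_DEF.match(line)
        if definition:
            macros[definition.group(1)] = definition.group(2)
            continue
        # Macro substitution is textual; an undefined macro raises KeyError.
        line = MACRO_REF.sub(lambda ref: macros[ref.group(1)], line)
        # re.split with a capture group alternates literal text and list bodies.
        pieces = BRACE_LIST.split(line)
        choices = [
            [piece] if i % 2 == 0 else re.findall(r"[^,\s]+", piece)
            for i, piece in enumerate(pieces)
        ]
        for combo in itertools.product(*choices):
            rules.append(" ".join("".join(combo).split()))
    return rules


if __name__ == "__main__":
    for rule in expand(PF_CONF):
        print(rule)
```

On a live system, `pfctl -vnf /etc/pf.conf` parses the file without loading it and prints the rules as pfctl itself expands them.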