# definitions

ext_if=em0
home="217.157.20.133 10.3.5.0/24"
symbion="192.38.9.151"
catpipe="195.249.214.160/27, 195.249.214.193/28, 195.215.112.234"

table <friends> { $home $symbion $catpipe  }

# rules start here

scrub in

block in all

pass quick on lo 
antispoof quick for lo 

pass in proto icmp

pass in on $ext_if proto tcp from <friends> to ($ext_if) port 22 keep state

pass in on $ext_if proto tcp from <friends> to any port 12345 keep state

pass out all keep state