pass in all
pass in from any to any
pass in proto tcp from any port <= 1024 to any label foo_bar
pass in proto tcp from any to any port = 25
pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts