ext_if = "lo0"
set limit states 100
set block-policy drop
set require-order yes
match in on lo0 inet all rdr-to 127.0.0.1
match out on lo0 inet all nat-to 127.0.0.1
match out on lo0 inet from 192.168.0.0/24 to 192.168.0.0/24 nat-to 192.168.0.0/24 static-port
match in on lo0 inet from 192.168.0.0/24 to 192.168.0.0/24 rdr-to 192.168.0.0/24
pass out on lo0 proto tcp from any to any port = ssh flags S/SA keep state queue(pri-med, pri-high)
pass out on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-med
pass in on lo0 proto tcp from any to any port = www flags S/SA keep state queue pri-low