Any IP protocol may be used with PF packet filtering rules and redirection rules. The protocol may be specified by number or by name, as defined in /etc/protocols. This includes ESP, IP protocol 50.
The definitive ruleset is in the man page for
pf.conf(5). Guidelines and some "How To" information may be obtained from the
PF User's Guide, and additional information may also be garnered from Peter Hansteen's recent
publication,
The Book of PF, which has been getting excellent reviews, and you may also find Jacek Artymiak's
Building Firewalls with OpenBSD and PF helpful.