Code:
# macros
ext_if="fxp0"
int_if="lo0"
router="192.168.1.1"
# tables
table <lan> { 192.168.1.1/24 }
table <abusive_hosts> persist
table <bogons> persist file "/home/jon/bogon-bn-nonagg.txt"
# options
set block-policy drop
set loginterface $ext_if
set skip on lo
# scrub
scrub in all
# queuing
# translation
# filters
block in all
block in quick from <abusive_hosts>
block in quick from <bogons>
pass out all keep state
pass quick on $int_if no state
antispoof quick for { lo $int_if }
antispoof for $ext_if
# internal [lan]
pass quick on $ext_if proto { tcp icmp } from <lan> to any
pass quick on $ext_if proto { tcp udp } from $router to any
# external [web] once up