I added the second part as well.
Code:
pass in on egress proto tcp to 192.168.0.2 port 80 keep state \
(max 200, source-track rule, max-src-nodes 100, \
max-src-states 3)
table <abusive_hosts> persist
block in quick from <abusive_hosts>
pass in on egress proto tcp to 192.168.0.2 port 80 flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/5, \
overload <abusive_hosts> flush)