how to open ports in pf.conf?

[invicta]

hello i am trying to follow this guide to hosting xmpp on openbsd but i cant figure out how to do this part

Unlock port on your firewall
Ports 5222 (for client to server - c2s) and 5269 (for server to server - s2s) are required so do not forget to open it on your pf.conf.

what do i put in my /etc/pf.conf to unlock these ports for c2s and s2s?

[jggimi]

Is the OpenBSD system to be provisioned acting as a router between networks, or is it an end-use platform? Is there a PF configuration already in use? If so, is it deployed as a "default allow" filter or is it a "default deny" filter?

[jggimi]

FYI, there is a default pf.conf(5) configuration. It is a "default allow" configuration which blocks stateless inbound traffic, blocks remote inbound X Windows connections, and blocks the special userid _pbuild from using the network. This special userid is used only on systems that build packages from ports.

[CiotBSD]

Maybe, try, at least:

Code:

ip = "xxxx" # address ip of your server

# differents default block
(…)
block
pass out

pass in  on egress proto tcp from any to $ip port { 5222 5269 } 
pass out on egress proto tcp from $ip to any port 5269

(but, it's really minimalistic rules)