pf.conf

table <trusted> const { } 
table <bruteforce> persist

block all

pass in quick from <trusted>
block in quick from <bruteforce>

set skip on lo

block in quick inet6
block out quick inet6

pass in quick proto tcp to port  80 keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
pass in quick proto tcp to port  22 keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
pass in quick proto tcp to port 443 keep state (max-src-conn 100, max-src-conn-rate 15/3, overload <bruteforce> flush global)

# admin panel
pass in quick on lo proto tcp to port 8443 keep state (max-src-conn 100, max-src-conn-rate 15/3, overload <bruteforce> flush global)

block return    # block stateless traffic
pass            # establish keep-state

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild