Filtering rules are the heart of PF. You can use PF without doing any of the fancy redirection, address translation, load balancing, or redundancy, but packet filtering is the bedrock on which most of these features are based. To start with, however, basic packet filtering is defined as access control for network packets by source, destination, protocol, and protocol characteristics.
PF processes filtering rules in order. The last rule that matches a packet is acted on. A typical packet-filtering rule looks like this:
(1)pass (2)in (3)on egress (4)proto tcp (5)from any (6)to 192.0.2.12 (7)port 80
The first word of the filter rule is a keyword that describes the results of this rule (1). PF will either pass or block packets that match a rule. ...
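The ordering rule stated above (rules are processed in order and the last matching rule is acted on) is easiest to see by running packets through a small ruleset. The following is an added example, not code from the original text or from PF itself: a simplified Python model that covers only the fields in the sample rule, treats `egress` as a plain interface name, and uses a constructed default-block rule and constructed packets.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "pass" or "block"
    direction: str         # "in" or "out"
    iface: str             # interface or group name, e.g. "egress"
    proto: str = "any"
    src: str = "any"
    dst: str = "any"
    port: object = "any"   # destination port, or "any"

@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    port: int

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    return (rule.direction == pkt.direction and rule.iface == pkt.iface
            and rule.proto in ("any", pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)
            and rule.port in ("any", pkt.port))

def evaluate(rules, pkt):
    """Walk every rule in order; the last one that matches decides."""
    verdict, winner = "pass", None   # PF passes a packet that no rule matches
    for number, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            verdict, winner = rule.action, number
    return verdict, winner

# Constructed ruleset: a default block followed by the rule shown above.
BLOCK_ALL = Rule("block", "in", "egress")
PASS_WEB = Rule("pass", "in", "egress", "tcp", "any", "192.0.2.12", 80)
RULES = [BLOCK_ALL, PASS_WEB]

# Constructed packets (documentation address ranges).
WEB = Packet("in", "egress", "tcp", "198.51.100.7", "192.0.2.12", 80)
SSH = Packet("in", "egress", "tcp", "198.51.100.7", "192.0.2.12", 22)

if __name__ == "__main__":
    for name, pkt in (("web", WEB), ("ssh", SSH)):
        print(name, evaluate(RULES, pkt))
    print("reordered web", evaluate([PASS_WEB, BLOCK_ALL], WEB))
```

Swapping the two rules turns the web packet's verdict from pass to block, which is why a broad block rule belongs at the top of a ruleset and the specific pass rules after it.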