basic rule request - allow_all/block_bad

infos at dnswatch.com
Sun Jan 18 03:43:49 PST 2009


Greetings,
 I know very little about creating an initial pf.conf.
I know /very/ /much/ that I want/need PF, and will need a fair amount
of time to "tune" pf to work optimally for each server.
BUT, in an effort to get started, I'm hoping that some kind soul will
provide me with a very basic pf.conf that will not interrupt the
current application/server block policies I already have in place -
which is to say; I currently block at the application/server, but hope
to merge (transfer) them to PF. So, can anyone share a pf.conf that will
allow all, but block ALL_EVIL_IP requests on ALL ports?
In other words, if I only wanted to block (drop) ALL traffic coming from a
/single/ IP address, how would I do it?
I have one (active) NIC in each of my servers, and there are anywhere from 3
to 12 IPs aliased to them above and beyond the IP assigned to the host
itself. All addresses are fully qualified, internet routable addresses
(no internal/private IPs).

Thank you for all your time and consideration.

--Chris
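
A minimal ruleset for the policy asked about above, as an added example that is not part of the original message: pass everything, but silently drop all traffic from the addresses held in a table. The table name `evil` and the addresses shown (documentation-range addresses) are constructed placeholders.

```conf
# /etc/pf.conf -- added example, not from the original post.
# Table name "evil" and the 192.0.2.10 entry are constructed placeholders.

# Addresses to drop. "persist" keeps the table in memory even when it is
# empty, so entries can be added and removed at runtime with pfctl.
table <evil> persist { 192.0.2.10 }

# Do not filter loopback traffic.
set skip on lo0

# Drop, without sending any reply, everything arriving from a listed
# address. No interface, port or destination is named, so the rule covers
# every port and every aliased IP on the NIC. "quick" ends rule evaluation
# at this match, so the later pass rule cannot override it.
block drop in quick from <evil> to any

# Everything else is allowed, leaving the application-level blocks in charge.
pass all

# Check syntax without loading:   pfctl -nf /etc/pf.conf
# Load the ruleset:               pfctl -f /etc/pf.conf
# Enable pf now:                  pfctl -e
# Enable pf at boot (FreeBSD):    pf_enable="YES" in /etc/rc.conf
# Add an address at runtime:      pfctl -t evil -T add 198.51.100.7
# List the table contents:        pfctl -t evil -T show
```

Existing application-level block lists can then be moved over one address at a time by adding them to the table, without editing the rules themselves.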
