I'm new with pf
Jonathan Horne
freebsd at dfwlp.com
Thu May 31 00:19:29 UTC 2007
I have a client who has a simple Linksys router, with ports 22, 25, 80, 443
forwarded to a FreeBSD server I built for his small business. 25, 80 and 443
are obviously public services, but I'd like to limit access to 22 to the
trusted internal network, and my block of IPs that I would be connecting from
at my site. Along with regulating port 22, I also need all other ports to work
properly, since Samba is installed, and I don't want to mess with picking and
choosing what ports will be in this config. I just need to limit access to
port 22.
Does something like this look acceptable if the above is my goal?
[pf.conf]
# definitions
ext_if=fxp0
client="192.168.1.0/24"
mynet="[outsideips]/29"
table <trusted> { $client $mynet }
# rules start here
scrub in
block in all
pass quick on lo
antispoof quick for lo
pass in on $ext_if from <trusted> to ($ext_if) keep state
pass in on $ext_if proto tcp from any to ($ext_if) port { 25 80 443 } keep state
pass out all keep state
[/pf.conf]
Like I said, I need to allow local (and me, trusted) to anything, and anyone
else just access to 25, 80 and 443. Thanks for any critiques and ideas.
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd at dfwlp.com
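
An added example, not part of the original post: a small Python model of pf's last-match-wins evaluation applied to the inbound rules in the posted pf.conf, to show which sources can reach port 22. The 203.0.113.8/29 block is a constructed stand-in for the elided `[outsideips]/29`, the function names are hypothetical, and scrub, antispoof and state tracking are not modelled.

```python
import ipaddress

# Constructed stand-in: the post elides the real /29, so a documentation
# range (TEST-NET-3) is used here in place of [outsideips]/29.
TRUSTED = [ipaddress.ip_network("192.168.1.0/24"),   # $client
           ipaddress.ip_network("203.0.113.8/29")]   # $mynet (assumed value)
PUBLIC_PORTS = {25, 80, 443}


def in_trusted(src):
    """True if src falls inside the <trusted> table."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED)


# Each rule: (action, quick, predicate over a packet dict), in pf.conf order.
# Only inbound filtering is modelled; the loopback interface is called lo0 here.
RULES = [
    ("block", False, lambda p: True),                      # block in all
    ("pass", True, lambda p: p["iface"] == "lo0"),         # pass quick on lo
    ("pass", False, lambda p: p["iface"] == "fxp0"
        and in_trusted(p["src"])),                         # pass in ... from <trusted>
    ("pass", False, lambda p: p["iface"] == "fxp0"
        and p["proto"] == "tcp"
        and p["dport"] in PUBLIC_PORTS),                   # pass in ... port { 25 80 443 }
]


def evaluate(packet):
    """Last matching rule decides, unless a matching rule is marked quick."""
    verdict = "pass"  # pf's implicit default when no rule matches
    for action, quick, match in RULES:
        if match(packet):
            verdict = action
            if quick:
                break
    return verdict


def inbound(src, dport, proto="tcp", iface="fxp0"):
    """Verdict for one inbound packet arriving on iface."""
    return evaluate({"src": src, "dport": dport, "proto": proto, "iface": iface})


if __name__ == "__main__":
    # Constructed test packets: untrusted, trusted /29, and internal LAN sources.
    for src, port in [("198.51.100.7", 22), ("198.51.100.7", 80),
                      ("203.0.113.10", 22), ("192.168.1.50", 445)]:
        print(f"{src:>15} -> tcp/{port:<4} {inbound(src, port)}")
```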