My stateful ipv6 fiewall rules (Score 1)

This lets me route all of my million billion zillion ip addresses in my /48 with no NAT and no inbound stuff allowed at all unless initiated from the inside.

block in on pppoe0 all
pass out quick on pppoe0 proto tcp/udp from xxxx:xxx:xxx::/48 to any keep state
pass out quick on pppoe0 proto ipv6-icmp from xxxx:xxx:xxx::/48 to any keep state

Whew... That was really hard to set up.