If we are using the default firewall for OpenBSD, how can we modify it to disable all the network access for a normal user except for one thing: we want to ssh to the user from random hosts!
So example if the user want’s to “wget google.com”, it shouldn’t have firewall permission to it. If we want to copy something via scp to the user from a random machine, the firewall would need to allow it. If the user wants to ssh to some other hosts, it shouldn’t have access.
