
Twirrim, yesterday at 9:21 PM (0 replies)

Agreed, `pf` is a delight to use.

Borrowing a demonstration from https://srobb.net/pf.html

    tcp_pass = "{ 22 25 80 110 123 }"
    udp_pass = "{ 110 631 }"
    block all
    pass out on fxp0 proto tcp to any port $tcp_pass keep state
    pass out on fxp0 proto udp to any port $udp_pass keep state

Note that the last matching rule wins, so you put your catch-all, "block all", at the top. Then in this case fxp0 is the network interface. So they're defining where traffic can go to from the machine in question, in this case any source as long as it's to port 22, 25, 80, 110, or 123 for TCP, and either 110 or 631 for UDP.

    <action> <direction> on <interface> proto <protocol> to <destination> port <port> <state instructions>
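To see what the ruleset quoted above actually decides, here is an added toy evaluator (my own example, not pf's code and not from srobb.net): it expands the `{ ... }` macros and applies pf's last-matching-rule-wins semantics, which also shows why moving `block all` to the bottom would silently override every pass rule. It understands only the subset of pf syntax used in that snippet, and the packet fields it matches on are an assumed simplification.

```python
import re

# Constructed from the ruleset quoted in the comment; fxp0 is its interface name.
RULESET = """
tcp_pass = "{ 22 25 80 110 123 }"
udp_pass = "{ 110 631 }"
block all
pass out on fxp0 proto tcp to any port $tcp_pass keep state
pass out on fxp0 proto udp to any port $udp_pass keep state
"""
MACRO = re.compile(r'^(\w+)\s*=\s*"\{\s*([\d\s]+?)\s*\}"$')

def parse(text):
    """Return a list of rule dicts; $macros are expanded into sets of ports."""
    macros, rules = {}, []
    for line in text.strip().splitlines():
        m = MACRO.match(line.strip())
        if m:
            macros[m.group(1)] = {int(p) for p in m.group(2).split()}
            continue
        tok = line.split()
        rule, i = {"action": tok[0]}, 1  # 'block' or 'pass'
        while i < len(tok):
            if tok[i] in ("in", "out"):
                rule["direction"] = tok[i]
            elif tok[i] in ("on", "proto"):  # 'on fxp0', 'proto tcp'
                rule["iface" if tok[i] == "on" else "proto"] = tok[i + 1]
                i += 1
            elif tok[i] == "port":  # literal port or a $macro
                v = tok[i + 1]
                rule["port"] = macros[v[1:]] if v.startswith("$") else {int(v)}
                i += 1
            i += 1  # 'all', 'to any' and 'keep state' add no match key here
        rules.append(rule)
    return rules

def decide(rules, packet):
    """pf evaluates every rule; the LAST match decides (no match at all means pass)."""
    verdict = "pass"
    for rule in rules:
        for key, want in rule.items():
            if key == "action":
                continue
            if (packet[key] not in want) if key == "port" else (packet[key] != want):
                break
        else:  # no mismatch: this rule matches and overrides earlier verdicts
            verdict = rule["action"]
    return verdict

def pkt(direction, proto, port, iface="fxp0"):
    return {"direction": direction, "iface": iface, "proto": proto, "port": port}
```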