This rule allows incoming TCP traffic on any interface from any source IP address to port 80 on the local IP address 192.0.2.12. It will pass matching packets. The rule filters packets going towards (in) the computer using the egress interface group and only allows TCP protocol connections from any source to the specific destination IP address and port number listed.

1. PF on OpenBSD Filtering Rules Diagram
pass in on egress TCP from any to 192.0.2.12 port 80
What to do if
rule matches;
Results of
matching the
rule
(pass/block/m
atch)
Direction
the
packets
are going;
towards
the
computer
or away
from the
computer
(in/out)
Interface
group or
interface;
To match
every
interface,
use “all”
Type of
protocol
connection
(TCP/UDP/
ICMP/ICM
P6)
Where is
traffic
coming
from ie: IP
address or
can use
hostnames
What
specific IP
address is
the
connection
being
made to on
local
machine or
“any”; can
use
hostnames
What port
does it
connect to
on a local
machine
Adopted from “Absolute OpenBSD”, p 403-409