        # Allow person SSH access
        ${fwcmd} allow tcp from any to any 22 out setup keep-state

I see two reasons that egress sshd traffic will not match the above rule. The destination port is incorrect and a syn/ack will not match.

        ${fwcmd} add pass tcp from ${mip} to me 22 setup limit src-addr 2
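
The two reasons given above, checked against the packets of one inbound SSH handshake, as an added example that is not part of the original post. It is a simplified Python model, not ipfw itself: the addresses, the `Pkt` type and the function names are constructed for illustration, and the dynamic-state handling of `limit` follows ipfw's documented behaviour of checking dynamic rules at the first `keep-state` or `limit` rule.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10

@dataclass(frozen=True)
class Pkt:
    direction: str          # "in" or "out" as seen by the firewall host
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def is_setup(p):
    # ipfw "setup" is shorthand for "tcpflags syn,!ack"
    return bool(p.flags & SYN) and not p.flags & ACK

def quoted_rule_misses(p):
    """Reasons the quoted 'to any 22 out setup' rule does not match p."""
    why = []
    if p.direction != "out":
        why.append("not outbound")
    if p.dport != 22:
        why.append("dst port %d is not 22" % p.dport)
    if not is_setup(p):
        why.append("flags are not SYN-without-ACK")
    return why

def suggested_rule(packets, mip, me, limit=2):
    """Simplified 'from mip to me 22 setup limit src-addr N' with its dynamic state."""
    flows, per_src, out = set(), {}, []
    for p in packets:
        flow = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        if flow in flows:                       # later packets, either direction
            out.append("dynamic")
        elif ((p.src, p.dst, p.dport) == (mip, me, 22) and is_setup(p)
              and per_src.get(p.src, 0) < limit):
            flows.add(flow)
            per_src[p.src] = per_src.get(p.src, 0) + 1
            out.append("static")
        else:
            out.append("no match")
    return out

# Constructed sample: one inbound SSH handshake (documentation addresses).
ME, MIP = "192.0.2.10", "198.51.100.7"
HANDSHAKE = [
    Pkt("in", MIP, 50000, ME, 22, SYN),
    Pkt("out", ME, 22, MIP, 50000, SYN | ACK),
    Pkt("in", MIP, 50000, ME, 22, ACK),
]

if __name__ == "__main__":
    for p in HANDSHAKE:
        print(p.direction, hex(p.flags), quoted_rule_misses(p))
    print(suggested_rule(HANDSHAKE, MIP, ME))
```

"no match" here means the packet falls through to whatever rules follow, so a third simultaneous connection from the same source depends on the rest of the ruleset.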
