Re: Blocking non-US IPs?
This is a quick and dirty example of pf blocking a specific IP range on FreeBSD. This was for the FTP port; for the web port it is the same line, except of course with port 80.
block in on $ext_if proto tcp from 118.107.162.0/24 to port 21
Taken from this setup:
# Macros
ext_if=bge0
int_if=bge1
udp_services = "{ domain, ntp }"
icmp_types = "echoreq"

# Options: pf.conf requires options before normalization and filter rules,
# so "set skip on lo" is moved up here rather than sitting among the filter rules
set block-policy return
set skip on lo

# Normalization
scrub in all

# Default deny on the external interface; later pass rules open what is needed
block in on $ext_if

pass inet proto icmp all icmp-type $icmp_types keep state
pass quick inet proto { tcp, udp } to any port $udp_services

# Internal interface
pass in on $int_if proto tcp from any to $int_if port 53
pass in on $int_if proto udp from any to $int_if port 53
pass in on $int_if proto tcp from any to $int_if port 80
pass in on $int_if proto udp from any to $int_if port 80
pass in on $int_if proto tcp from any to $int_if port 22
pass in on $int_if proto tcp from any to any port 21 keep state
pass in on $int_if proto tcp from any to any port > 30000 keep state
pass out on $int_if proto { tcp, udp } all

# External interface
pass in on $ext_if proto tcp from any to $ext_if port 53
pass in on $ext_if proto udp from any to $ext_if port 53
pass in on $ext_if proto tcp from any to $ext_if port 80
pass in on $ext_if proto udp from any to $ext_if port 80
pass in on $ext_if proto tcp from any to any port 21 keep state
pass in on $ext_if proto tcp from any to any port > 30000 keep state
pass out on $ext_if proto { tcp, udp } all

# pf is last-match-wins: this block comes after the port 21 pass above,
# so it overrides that pass for the listed range only
block in on $ext_if proto tcp from 118.107.162.0/24 to port 21

antispoof for $ext_if
antispoof for $int_if
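For more than one range (the thread's non-US question) the same idea scales better with a pf table and a `quick` block, which holds regardless of where later `pass` rules sit. This is an added example, not the poster's config; the interface name, table name and blocklist path are assumptions, and the 118.107.162.0/24 entry is the range from the post.

```pf
# Added example: block a list of source ranges on the external interface
# using a pf table, so entries can be edited without reloading the ruleset.
ext_if = "bge0"               # assumed interface name
block_ports = "{ 21, 80 }"    # FTP and HTTP, per the post

# /etc/pf.blocked is an assumed path holding one CIDR per line,
# e.g. 118.107.162.0/24 from the post. 'persist' keeps the table
# even when it is empty.
table <blocked> persist file "/etc/pf.blocked"

set skip on lo
set block-policy return
scrub in all

# 'quick' makes this block final even though a 'pass' for the same ports
# follows it (pf is otherwise last-match-wins). 'log' sends matches to
# pflog0 so blocked attempts can be reviewed with tcpdump -n -e -i pflog0.
block in log quick on $ext_if proto tcp from <blocked> to port $block_ports

pass in on $ext_if proto tcp from any to any port $block_ports keep state
```

Load with `pfctl -f /etc/pf.conf`, then manage entries at runtime with `pfctl -t blocked -T add 118.107.162.0/24` and check the table with `pfctl -t blocked -T show`.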
__________________
"The future is here. It's just not evenly distributed."