Would it be a good idea to make a pledge-like call that limits a process
from connecting to ports and/or hosts? Maybe it could be done in a way that
the kernel is made aware of the limitations like in a pledge call and, while
the process is alive, the kernel spawns pf rules based upon the socket
ports that are created to connect to remote host ports.

You could conceivably do things like limiting ntpd to predetermined hosts
and port 123 and 53 on the respective processes involved.

It would make processes that need the inet pledge permission merely to use
libhiredis to connect to a Redis database safer.
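As an added illustration (not part of the original post, and not an OpenBSD or pf project example), the ntpd case described above can be approximated today with pf's existing per-socket-owner matching: rules carrying a `user` clause match locally generated traffic by the uid that owns the socket. The addresses, the macro names and the assumption that the network-facing ntpd child runs as the `_ntp` user are all constructed for this example.

```pf
# pf.conf fragment (added example). Restricts sockets owned by the _ntp user
# to NTP (udp/123) on two fixed peers and DNS (53) on one fixed resolver,
# and logs anything else that user tries to send. Addresses are placeholders.
ntp_servers = "{ 192.0.2.10, 192.0.2.11 }"   # constructed: allowed NTP peers
resolvers   = "{ 192.0.2.53 }"               # constructed: allowed DNS resolver

# Explicit allow-list for the _ntp user; 'quick' stops rule evaluation on match.
pass out quick proto udp from self to $ntp_servers port 123 user _ntp
pass out quick proto { tcp udp } from self to $resolvers port 53 user _ntp

# Everything else originating from a _ntp-owned socket is dropped and logged,
# so a misuse of the inet permission shows up in pflog rather than succeeding.
block out log proto { tcp udp } from self user _ntp
```

Two caveats a practitioner would want before relying on this: `user` matches on uid, not on a process, so any process running as `_ntp` shares the same allowance, which is weaker than the per-process restriction the post proposes; and `user` only applies to connections that originate on the local host, so the rules say nothing about traffic merely forwarded by the machine. Verifying the result is a matter of `pfctl -nf /etc/pf.conf` to syntax-check the fragment and `tcpdump -n -e -ttt -i pflog0` to watch for blocked attempts.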
