To configure a WPA2 PSK wireless access point with Hostapd
Install hostapd from ports
cd /usr/ports/net/hostapd
make install clean
Add the following to /etc/rc.conf
hostapd_enable="YES" wlans_ath0="wlan0" create_args_wlan0="wlanmode hostap" ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 up" ifconfig_wlan0_ipv6="inet6 2001:xxxx:xxxx:xxxx::x prefixlen 64"
Substitute ath0 for your wifi card's interface name
Substitute IP addresses to reflect your configuration
Create a new /etc/hostapd.conf
interface=wlan0 ctrl_interface=/var/run/hostapd ctrl_interface_group=wheel ssid=your_ssid wpa_passphrase=your_wifi_password wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP
Ideally configure the strongest possible password for the access point.
These can be generated online with GRC's Ultra High Security Password Generator https://www.grc.com/passwords.htm
Preferably choose '63 random printable ASCII characters' as it is a more "standard" means for specifying the 256-bits of WPA keying material.
Assuming you already have a PF rule to allow all traffic through your internal nic similar to: pass quick on $int_if
Edit /etc/pf.conf and add wlan0 to your $int_if macro. Substitute re1 for your network interface's name.
int_if = "{" re1 wlan0 "}"
Ideally bridge the interfaces in /etc/rc.conf for easiest administration.
Restart the system to apply all the changes.