<span class="hljs-comment"># from the PF FAQ: http://www.openbsd.org/faq/pf/example1.html</span>
<span class="hljs-comment"># macros</span>
int_if=<span class="hljs-string">"xl0"</span>
tcp_services=<span class="hljs-string">"{ 22, 113 }"</span>
icmp_types=<span class="hljs-string">"echoreq"</span>
comp3=<span class="hljs-string">"192.168.0.3"</span>
<span class="hljs-comment"># options</span>
<span class="hljs-built_in">set</span> <span class="hljs-keyword">block-policy</span> return
<span class="hljs-built_in">set</span> <span class="hljs-keyword">loginterface</span> <span class="hljs-literal">egress</span>
<span class="hljs-built_in">set</span> <span class="hljs-keyword">skip</span> <span class="hljs-keyword">on</span> lo
<span class="hljs-comment"># FTP Proxy rules</span>
<span class="hljs-built_in">anchor</span> <span class="hljs-string">"ftp-proxy/*"</span>
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">quick</span> <span class="hljs-keyword">on</span> <span class="hljs-variable">$int_if</span> <span class="hljs-keyword">inet</span> <span class="hljs-keyword">proto</span> tcp <span class="hljs-keyword">to</span> <span class="hljs-literal">any</span> <span class="hljs-keyword">port</span> ftp \
<span class="hljs-keyword">divert-to</span> <span class="hljs-number">127.0</span>.<span class="hljs-number">0.1</span> <span class="hljs-keyword">port</span> <span class="hljs-number">8021</span>
<span class="hljs-comment"># match rules</span>
<span class="hljs-built_in">match</span> <span class="hljs-keyword">out</span> <span class="hljs-keyword">on</span> <span class="hljs-literal">egress</span> <span class="hljs-keyword">inet</span> <span class="hljs-keyword">from</span> !(<span class="hljs-literal">egress</span>:network) <span class="hljs-keyword">to</span> <span class="hljs-literal">any</span> <span class="hljs-keyword">nat-to</span> (<span class="hljs-literal">egress</span>:<span class="hljs-number">0</span>)
<span class="hljs-comment"># filter rules</span>
<span class="hljs-built_in">block</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">log</span>
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">out</span> <span class="hljs-keyword">quick</span>
<span class="hljs-built_in">antispoof</span> <span class="hljs-keyword">quick</span> <span class="hljs-keyword">for</span> { lo <span class="hljs-variable">$int_if</span> }
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">on</span> <span class="hljs-literal">egress</span> <span class="hljs-keyword">inet</span> <span class="hljs-keyword">proto</span> tcp <span class="hljs-keyword">from</span> <span class="hljs-literal">any</span> <span class="hljs-keyword">to</span> (<span class="hljs-literal">egress</span>) \
<span class="hljs-keyword">port</span> <span class="hljs-variable">$tcp_services</span>
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">on</span> <span class="hljs-literal">egress</span> <span class="hljs-keyword">inet</span> <span class="hljs-keyword">proto</span> tcp <span class="hljs-keyword">to</span> (<span class="hljs-literal">egress</span>) <span class="hljs-keyword">port</span> <span class="hljs-number">80</span> <span class="hljs-keyword">rdr-to</span> <span class="hljs-variable">$comp3</span>
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">inet</span> <span class="hljs-keyword">proto</span> icmp <span class="hljs-literal">all</span> <span class="hljs-keyword">icmp-type</span> <span class="hljs-variable">$icmp_types</span>
<span class="hljs-built_in">pass</span> <span class="hljs-keyword">in</span> <span class="hljs-keyword">on</span> <span class="hljs-variable">$int_if</span>