pf.conf

#MACROS
nicext = "xl0"
nicint = "rl0"
tcpext = "{ 2121 2222 8080 }"
protovia = "{ tcp udp icmp }"
trusted = "{ 192.168.0.3 192.168.0.11, 192.168.0.12, 192.168.0.13 192.168.0.21 }"
shit = "{ 195.56.111.221 }"

#OPTIONS
set block-policy return
set debug urgent
set loginterface $nicext
set optimization normal
set state-policy if-bound

#SCRUB
scrub in all
#scrub on $nicext all reassemble tcp

#NAT, REDIRECTS
nat on $nicext from $trusted to any -> $nicext
#nat-anchor "ftp-proxy/*"
#rdr pass on $nicint proto tcp from $trusted to any any port 21 -> 127.0.0.1 port 8021
rdr pass on $nicext proto tcp from any to any port 4000 -> 192.168.0.11
rdr pass on $nicext proto tcp from any to any port 6112 -> 192.168.0.11
rdr pass on $nicext proto udp from any to any port 6112 -> 192.168.0.11

#FILTER

#default deny policy
block all

#pass traffic on loopback interface
pass quick on lo0 all

#ftp-proxy
#anchor "ftp-proxy/*"
#pass out proto tcp from 127.0.0.1 to any port 21 keep state

#pass through traffic
pass in on $nicint proto $protovia from $trusted to any modulate state
pass out on $nicext proto $protovia from any to any modulate state

#pass in from outside
pass in on $nicext proto tcp from any to $nicext port $tcpext modulate state
pass in on $nicext proto tcp from any to $nicext port > 49151 modulate state

#for samba
#pass out from localhost to $nicint:network keep state
#pass out from localhost to $trusted keep state

#diablo shitz
#pass out on $nicint proto udp from 127.0.0.1 to any port 6112 modulate state

#block from any to $shit