tcp_ports="{ 22, 80, 443, 860, 2049, 111, 3260 }"udp_ports="{ tftp, 111, 2049

1. tcp_ports="{ 22, 80, 443, 860, 2049, 111, 3260 }"
2. udp_ports="{ tftp, 111, 2049 }"
3.  
4.  
5. set block-policy drop
6.  
7. set skip on lo
8. set skip on vlan1
9.  
10. scrub in all fragment reassemble
11.  
12. rdr pass on tap0 proto tcp from any to 192.94.73.210 rtable 2 -> 192.168.60.4
13. #rdr pass on tap1 proto tcp from any to 178.63.35.230 rtable 3 -> 192.168.60.5
14.  
15. block in all
16. pass out all keep state
17.  
18. #ldap
19. pass in quick on vlan0 inet proto tcp from 192.168.50.0/24 to any port 389
20. #end ldap
21.  
22. pass in on vlan0 inet6 proto icmp6 from any to any
23.  
24. pass in on tap0 proto tcp from any to any port 22 rtable 2
25. pass in on tap0 proto icmp from any to any rtable 2
26.  
27. #pass in on tap1 proto tcp from any to any port 22 rtable 3
28. #pass in on tap1 proto tcp from any to any port 80 rtable 3
29. #pass in on tap1 proto icmp from any to any rtable 3
30.  
31. pass in on vlan0 proto tcp from any to any port $tcp_ports
32. pass in on vlan0 proto udp from any to any port $udp_ports
33. pass in on vlan0 inet6 proto tcp from any to any port $tcp_ports
34. pass in on vlan0 inet6 proto udp from any to any port $udp_ports