#### INTERFACESext_if="re0"loc_if="lo0"icmp_types="echoreq"vpn_if="tun0"

1. #### INTERFACES
2. ext_if="re0"
3. loc_if="lo0"
4. icmp_types="echoreq"
5. vpn_if="tun0"
6.  
7. #### ADDRESSES
8. vpn_addrs4="10.8.0.0/16"
9. vpn_addrs6="2a01:4f8:d12:d01:8000::/65"
10. vpn_addrs="{ 10.8.0.0/16 , 2a01:4f8:d12:d01:8000::1/65 }"
11.  
12. # pass and nat traffic from VPN clients
13. nat pass from $vpn_addrs4 to ! $ext_if -> 88.198.106.11
14. nat pass log from $vpn_addrs6 to ! $ext_if:network -> 2a01:4f8:d12:d01::10:100
15.  
16.  
17. #### FILTERING
18. block in
19. pass out quick
20.  
21. pass quick on $vpn_if
22. # [...]
23.  
24.  
25.  
26. # natted from VPN
27. 00:00:00.000000 rule 1..16777216/0(match): nat out on tun0: 2a01:4f8:d12:d01::10:100 > 2a01:4f8:d12:d01:8000::1000: ICMP6, neighbor advertisement, tgt is 2a01:4f8:d12:d01:8000::1, length 24
28.  
29. # non-netted from local host
30. 00:00:40.665833 rule 2..16777216/0(match): pass out on re0: 2a01:4f8:d12:d01::10:100.28294 > 2001:8b0:12cc:c087::3.53: Flags [S], seq 2002573705, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val 1324721132 ecr 0], length 0