Macros
Tables
Options
Traffic normalization
Bandwidth management
Redirection
Packet filtering
/etc/pf.conf
###########################################
# PF rules
#
# DNS and SQUID installed
###########################################
#
# Interfaces
#
# Macros naming the external, internal and loopback interfaces. The values
# are interface names and must match the NICs on the host that loads this
# file.
ext_if="xl0"
int_if="xl1"
lo_if="lo0"
# The dialog Private Address Range
# (a /24 inside the RFC 1918 block 172.16.0.0/12; presumably the LAN behind
# $int_if -- confirm against the NAT rules)
prv_ad = "172.16.0.0/24"
# Primary External Address
# The value below is placeholder text, not an address. Replace it with the
# real external address before loading any rule that expands $ext_ad.
ext_ad = "my external address"
# Protocols for which we are doing NAT
nat_proto = "{ tcp, udp, icmp }"
# Define queues
# Port lists, presumably used to assign traffic to low- and high-priority
# queues in the bandwidth-management rules (not shown in this part).
# These macros only classify traffic; whether a port is reachable at all is
# decided by the filter rules.
# NOTE(review): 21 (FTP), 23 (Telnet) and 110 (POP3) carry credentials in
# cleartext -- check that the filter rules do not expose them externally.
# low:  21 FTP, 25 SMTP, 80 HTTP, 110 POP3, 443 HTTPS
lowqueueports = "{ 21, 25, 80, 110, 443 }"
# high: 22 SSH, 23 Telnet, 53 DNS
highqueueports = "{ 22, 23, 53 }"
# Port range 6881 through 6999 (the name indicates BitTorrent traffic)
torrentports = "6881:6999"
# Private Addresses
# The three RFC 1918 ranges plus loopback 127.0.0.0/8.
# NOTE(review): 172.16.0.0/12 contains $prv_ad, so a block rule built on
# this list should be bound to $ext_if only, or it will also match the
# internal network -- confirm against the filter rules.
prv_ads = "{ 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
# Optional Private Addresses (for example)
# Both macros point at the same internal host; per the file header it runs
# the DNS server and the Squid proxy.
int_webproxy="172.16.0.148"
int_nameserver="172.16.0.148"
#######################################################
#
# Options
#
# Limit the number of fragments kept in memory to 5000
# (bounds the memory that fragment reassembly can consume)
set limit frags 5000
# Limit the state table to 20000 entries. Once the table is full, new
# connections that need a state entry cannot be set up, so size this for
# the expected peak load.
set limit states 20000
# Expire idle connections aggressively: lowers memory use at the cost of
# dropping idle connections early.
set optimization aggressive
# Default action for block rules: discard silently, sending no TCP RST or
# ICMP unreachable. A rule can still override this with an explicit
# "block return".
set block-policy drop
# Collect no per-interface packet and byte statistics.
# NOTE(review): setting this to $ext_if instead would make the counters in
# "pfctl -s info" available for monitoring -- confirm that "none" is
# intended.
set loginterface none
#######################################################
#
# Scrub Rules
#
# Scrub all packets coming from the world: normalize inbound traffic on the
# external interface, whatever its source address.
# NOTE(review): this is the stand-alone "scrub" rule syntax. OpenBSD 4.7 and
# later use "match in ... scrub (...)" instead -- confirm which pf version
# loads this file.
scrub in on $ext_if from any