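#	$OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# Disabled examples from the stock file. int_if is not defined anywhere in
# this ruleset, so a macro for it must be added before enabling either line.
#pass quick on $int_if
#antispoof quick for { lo $int_if }

# --- Interfaces -------------------------------------------------------------
# server_if carries the user-facing services; maint_if is the administration
# interface.
server_if="nfe0"
maint_if="le0"

# --- Services ---------------------------------------------------------------
# Ports reachable by maintenance_hosts on the maintenance interface.
maintenance = "{ssh, www }"
# Ports offered to nice_hosts on the server interface.
user_tcp_services = "{ www, afpovertcp }"
user_udp_services = "{ afpovertcp }"

# --- Address lists (placeholder addresses as given) --------------------------
nice_hosts = "{ a.a.a.0/25, b.b.b.b }"
# NOTE: a.a.a.2 lies inside a.a.a.0/25 above, so the order and the 'quick'
# keyword of the block rule below decide whether this exclusion takes effect.
bad_hosts = "{ a.a.a.2 }"
maintenance_hosts = "{ c.c.c.1 }"

# --- Options and normalization ----------------------------------------------
set skip on lo
scrub in

# --- Filter rules -------------------------------------------------------------
# Default deny for everything inbound, with logging.
block in log

# Deny-list first. pf applies the LAST matching rule unless a matching rule is
# marked 'quick'; without 'quick' here the 'pass in quick' rules below would
# win for any bad host that is also covered by nice_hosts, and the block would
# never apply to it.
block in quick on $server_if from $bad_hosts to any

# User services. The destination was written as ($ext_if), a macro this file
# never defines, which makes the ruleset fail to load. ($server_if) matches
# the interface the rule is bound to and mirrors the maintenance rule below;
# presumably that is what was intended - confirm against the deployment.
pass in quick on $server_if proto tcp from $nice_hosts to ($server_if) port $user_tcp_services keep state
# 'keep state' added for consistency with the TCP rules, so replies are tied
# to the state created by the inbound packet.
pass in quick on $server_if proto udp from $nice_hosts to ($server_if) port $user_udp_services keep state

# Administration access, restricted to maintenance_hosts on maint_if only.
pass in quick on $maint_if proto tcp from $maintenance_hosts to ($maint_if) port $maintenance keep state

# All outbound traffic is allowed and tracked statefully.
pass out keep state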