ext="tun0"
int="re0"
dsl="re1"
intnet="{192.168.0.0/24}"
set optimization aggressive
set skip on lo
set loginterface $ext
set block-policy drop
match in all scrub (no-df)
match out on $ext from $intnet to any nat-to ($ext)
block in log all
block out log all
antispoof log quick for { lo $int }
pass quick on $int all no state
pass out quick on $dsl all no state
pass out quick on $ext proto { tcp udp icmp } all modulate state