It might be not that useful, but looks nice :)
Loaded without errors. It should work :)
# Experimental filter
# too show the possibility using anchors for grouping
# interfaces in readable sections
table <admin> { 1.1.1.1 } persist
set skip on { lo }
scrub in on wan_if
nat on wan_if from (lan_if) to !(lan_if) -> (wan_if:0)
antispoof for { wan_if, lan_if }
anchor "external" on wan_if {
block # default rule
pass out proto { tcp, udp } to port < 1025 # restricted and maybe
not useful
pass in from <admin> # all for the admin
}
anchor "internal" on lan_if {
block out # default block into the lan
pass in # but all allowed from lan
}
---
Regards Karl-Heinz
[demime 1.01d removed an attachment of type application/pkcs7-signature which
had a name of smime.p7s]
