# pf(4) ruleset for a small home router/firewall: outbound NAT through $ext_if,
# a logged default-deny policy, a fully trusted LAN/loopback side, and a list
# of server ports published on the external interface.
#
# NOTE(review): this copy appears to have passed through an HTML page and lost
# every "<tablename>" token (angle brackets read as markup). The lines below
# that read "table{ ... }" or "fromto" will not load in pfctl as written; the
# table names have to be restored before this file is used.

# External (Internet-facing) interface and its address.
ext_if = "fxp0"
ext_addr = "192.168.0.2"
# External subnet. Original form was "table <NAME> { ... }"; the name was
# stripped (see note above).
table{ 192.168.0.0/24 }
# Internal (LAN) interface and its address.
int_if = "fxp1"
int_addr = "192.168.1.3"
# Internal subnet; table name stripped as above.
table{ 192.168.1.0/24 }
# Loopback interface.
lo_if = "lo0"
lo_addr = "127.0.0.1"
# Host on the external subnet that is also NATed outbound (first nat rule).
rt_sv = "192.168.0.10"
# TCP ports reachable from any source on $ext_if (see the "port $tcp_sv" pass
# rule). 22 (ssh) is in this list, so ssh is world-reachable except from the
# sources matched by the "port 22" block rule further down; review whether
# every port here needs to be exposed.
tcp_sv = "{ 20, 25, 53, 80, 110, 123, 443, 465, 587, 993, 995, 22 }"
# UDP ports reachable from any source on $ext_if.
udp_sv = "{ 53, 123 }"
# Not referenced by any rule in this file (nor are ext_addr, int_addr, lo_addr).
proxy_sv = "8080"
# Loopback plus the RFC 1918 private ranges; table name stripped as above.
table{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }

# State timeouts, in seconds.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
# Both thresholds 0: adaptive timeout scaling is off, so the timeouts above
# stay fixed even as the state table fills up.
set timeout { adaptive.start 0, adaptive.end 0 }
# Hard caps on the state and fragment tables.
set limit { states 10000, frags 5000 }
# Interface whose counters "pfctl -s info" reports.
set loginterface $ext_if
set optimization normal
# Blocked packets are answered (TCP RST / ICMP unreachable) rather than
# silently dropped.
set block-policy return
# Normalize/reassemble all inbound packets before filtering.
scrub in all

# Outbound NAT: rewrite the source of traffic from $rt_sv, and from the table
# referenced on the second rule, to $ext_if's current address ("($ext_if)"
# follows address changes).
nat on $ext_if from $rt_sv to any -> ($ext_if)
# The table reference between "from" and "to" was stripped (see note above).
nat on $ext_if fromto any -> ($ext_if)

# Default deny, logged. pf is last-match-wins unless a rule says "quick", so
# later matching rules override this one.
block log all
# HTTP in and out on the external interface, to/from any host. No "quick", so
# a later matching rule can still override these.
pass in on $ext_if inet proto tcp from any to any port www keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
# Loopback and the internal LAN are fully trusted in both directions.
pass in quick on $lo_if all
pass out quick on $lo_if all
pass in quick on $int_if all
pass out quick on $int_if all
# Keep Windows RPC/NetBIOS/SMB (135, 137-139, 445) from leaking out to the
# Internet; "quick" so the catch-all pass-out rules below cannot override them.
block out quick on $ext_if proto {tcp udp} from any to any port 135
block out quick on $ext_if proto {tcp udp} from any to any port 137:139
block out quick on $ext_if proto {tcp udp} from any to any port 445
# Everything else may leave via $ext_if with state tracking.
pass out quick on $ext_if proto tcp all keep state
pass out quick on $ext_if proto udp all keep state
pass out quick on $ext_if inet proto icmp all keep state
# Port 10022 on $ext_if (presumably an alternate ssh port — confirm) reachable
# only from the table referenced here, whose name was stripped. The trailing
# backslash continues the rule onto the next line.
pass in quick on $ext_if inet proto tcp fromto $ext_if \
port 10022 keep state
# Log and block ssh on 22 from the (stripped) table on every interface; "quick"
# makes this win over the $tcp_sv pass rule below, which also admits port 22.
block in log quick proto tcp fromto any port 22
# Published services: a TCP state is created only on a plain SYN (flags S/SA).
pass in on $ext_if proto tcp from any to $ext_if \
port $tcp_sv flags S/SA keep state
pass in on $ext_if proto udp from any to $ext_if \
port $udp_sv keep state
自宅サーバーに関する設定やTips置き場。
2008年11月14日金曜日
Firewall Server / PF
# cat /etc/pf.conf