gate# cat /etc/pf.conf
# Macros
        ext_if = "rl0"
        int_if = "nfe0"

        extnet = "172.0.0.0/8"
        lannet = "192.168.0.0/24"
        ext_ip = "172.16.24.35/32"
        bsd = "192.168.0.77/32"
        private_nets="{ 127.0.0.0/8, 192.168.0.0/24, 0.0.0.0/8, 240.0.0.0/4}"

        set block-policy drop
        set state-policy floating
        set loginterface $ext_if
        set limit { frags 100000, states 100000 }
        set optimization normal
        set skip on lo0
        scrub in all
# NAT
        nat on $ext_if inet from $lannet to any -> $ext_ip
# Rules
        antispoof quick for {lo0, $int_if, $ext_if }
        block log all
        block drop in quick on $ext_if from $private_nets to any
        pass inet proto icmp icmp-type echoreq

        pass in on $int_if proto tcp from any to any port >0

        pass out on $ext_if proto tcp from any to any
        pass out on $ext_if proto udp from any to any keep state
        pass out on $int_if proto tcp from any to any
        pass out on $int_if proto udp from any to any keep state




gate# cat /etc/resolv.conf
nameserver      172.16.128.20
nameserver      172.16.0.151




gate# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Wed Jan 26 14:42:41 2011
# Created: Wed Jan 26 14:42:41 2011
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.

hostname="gate"
defaultrouter="172.16.127.254"
#ifconfig_rl0="ether 00:0e:0c:3c:ca:91"
#ifconfig_rl0_alias0="inet 172.16.24.35 netmask 255.255.128.0"

ifconfig_rl0="inet 172.16.24.35 netmask 255.255.128.0"

ifconfig_nfe0="inet 192.168.0.77 netmask 255.255.255.0"
gateway_enable="YES"
keymap="ru.koi8-r"
sshd_enable="YES"

pf_enable="YES"
pflog_enable="YES"