### Excerpt of an ipfw-style rule script for a NAT gateway that redirects web
### traffic from the inside network to a service on localhost.
### NOTE(review): $fwcmd and the ${...} variables are assigned on lines that are
### not part of this excerpt; the names below are read from the two comments
### that follow (o* = outside, i* = inside) -- confirm against the full script.
1 ### set these to your outside interface, network, netmask and IP address
7 ### set these to your inside interface, network, netmask and IP address
### Rules added without a number are numbered by ipfw in the order they are
### added, and the first matching rule decides, so the order of the lines
### below is the evaluation order.
15 ### divert packets to NATD
### Rule 1: every IP packet crossing the outside interface goes to natd.
16 $fwcmd add 1 divert natd ip from any to any via ${oif}
### Anti-spoofing: drop packets that claim an inside source address but arrive
### on the outside interface, and the reverse.
### NOTE(review): these checks come after rule 1, so such packets are handed to
### natd before they are dropped -- confirm that is intended.
19 $fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
20 $fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
22 ### Allow from / to myself
### NOTE(review): "pass all ... to ${iip}" exposes every service listening on
### the gateway's inside address to inside hosts, including ones that have not
### authenticated yet; consider limiting this to the ports those hosts need.
23 $fwcmd add pass all from ${iip} to any via ${iif}
24 $fwcmd add pass all from ${oip} to any via ${oif}
25 $fwcmd add pass all from any to ${iip} via ${iif}
26 $fwcmd add pass all from any to ${oip} via ${oif}
28 ### Allow DNS queries out in the world
29 ### (if DNS is on localhost, delete passDNS)
### NOTE(review): these four rules are stateless and name no interface or
### direction. The "from any 53" rules pass any packet whose source port is 53,
### and the "to any 53" rules let an inside host reach port 53 on any address
### before the redirect at rule 60000 applies. Limiting the destination to the
### resolvers you operate, or using stateful rules (keep-state / check-state),
### narrows this; verify the interaction with the natd divert before changing.
30 $fwcmd add pass udp from any 53 to any
31 $fwcmd add pass udp from any to any 53
32 $fwcmd add pass tcp from any to any 53
33 $fwcmd add pass tcp from any 53 to any
35 ### Forward http/https connections from unauthenticated clients
### Rule 60000: TCP from the inside network to port 80 or 443 of any address is
### handed to localhost; no port is given after "fwd", so the packet's own
### destination port is kept.
### NOTE(review): presumably per-client allow rules are inserted below 60000 by
### another component -- not shown here. For port 443 the local server cannot
### present a certificate for the name the client asked for, so clients are
### expected to see a TLS warning.
36 $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
37 $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 443
39 ### Allow http reply for forwarded request
40 ### (it is sent out from localhost but has original source address)
### NOTE(review): rule 60100 matches on source port only, so it passes any
### outbound TCP packet with source port 80 or 443 on any interface. If the
### replies only ever go back to the inside network, adding
### "to ${inet}:${imask} out via ${iif}" would restrict it to that path --
### confirm before changing.
41 $fwcmd add 60100 pass tcp from any 80 to any out
42 $fwcmd add 60100 pass tcp from any 443 to any out