Listing 1: Basic configuration (/etc/pf.conf)
# Macros
# Physical interfaces: external, internal, and the link that carries pfsync
# state updates to the peer firewall.
ext_if="fxp0"
int_if="fxp1"
pfsync_if="fxp2"
# Despite its name this macro holds an IP address, not an interface. It is the
# address outbound traffic is translated to in the nat rule below (presumably
# the shared CARP virtual address; confirm against the carp0 interface setup).
carp0="66.77.24.5"
# Options
# Blocked packets are dropped silently rather than answered with a TCP RST or
# ICMP unreachable.
set block-policy drop
# Normalization
# Normalize inbound packets; no-df clears the don't-fragment bit.
scrub in no-df
# Translation
# Source-NAT traffic from the internal network to the $carp0 address as it
# leaves the external interface.
nat on $ext_if from $int_if:network to any -> $carp0
# Filters
# pf evaluates filter rules top to bottom; the last matching rule wins unless
# a rule is marked "quick", which stops evaluation at that rule. A packet that
# matches no rule at all is passed. This ruleset has no "block all": the only
# default-deny is for inbound traffic on $ext_if, which is also logged.
# NOTE(review): consider an explicit default block covering the other
# interfaces so that unmatched traffic there is not implicitly passed.
block in log on $ext_if
# Everything on loopback and the internal interface is passed in both
# directions, with no keep state given, including traffic addressed to the
# firewall itself. The internal network is fully trusted by this rule.
pass quick on { lo $int_if }
# pfsync has no authentication of its own, so a host that can inject pfsync
# packets can alter the peer's state table. Assumes $pfsync_if is a dedicated
# link (e.g. crossover cable) between the two firewalls: confirm. Other
# protocols on this interface are not blocked by any rule in this listing.
pass quick on $pfsync_if proto pfsync
# Allow CARP advertisements on the external and internal interfaces.
pass quick on { $ext_if $int_if } proto carp keep state
# Outbound traffic on the external interface creates state, so replies are
# admitted despite the "block in" rule above.
# NOTE(review): no "flags S/SA" is given, so for TCP a state entry may be
# created from a packet other than the initial SYN on pf versions where that
# is not the default; confirm against the pf release in use.
pass out on $ext_if keep state