
Listing 3 Advanced configuration /etc/pf.conf

# pf ruleset for a redundant (CARP + pfsync) firewall in front of a pool of
# web servers and a single mail server. pf expects the sections in this order
# (macros, options, normalization, translation, filters), and within the
# filter section the last matching rule wins unless a rule is marked "quick".

# Macros
# Interface roles: external, internal, and the link carrying pfsync traffic.
ext_if="fxp0"
int_if="fxp1"
pfsync_if="fxp2"
# Public web address and the internal web pool it maps to
# (a /30 block, i.e. 10.0.0.8 - 10.0.0.11).
http_ext="66.77.24.5"
http_int="10.0.0.8/30"
# Public and internal addresses of the mail server (mapped 1:1 by binat below).
smtp_ext="66.77.24.10"
smtp_int="10.0.0.7"

# Options
# Blocked packets are discarded silently; no TCP RST or ICMP unreachable is sent.
set block-policy drop

# Normalization
# Reassemble and normalize inbound packets; no-df clears the don't-fragment bit.
scrub in no-df

# Translation
# Outbound connections from the web pool leave with the public web address.
nat on $ext_if from $http_int to any -> $http_ext
# Bidirectional 1:1 mapping between the mail server and its public address.
binat on $ext_if from $smtp_int to any -> $smtp_ext
# Spread inbound HTTP/HTTPS across the web pool; source-hash picks the pool
# address from a hash of the client address, so a client keeps the same server.
# NOTE(review): "rdr pass" passes matching packets without evaluating the
# filter rules below, so "block in log" and any later restriction never apply
# to this traffic. Use plain "rdr" plus an explicit pass rule if the web
# traffic should be subject to filtering or logging.
rdr pass on $ext_if inet proto tcp from any to $http_ext port \
  { 80, 443 } -> $http_int source-hash

# Filters
# Default for the external interface: drop and log everything inbound.
# The pass rules below override this for the traffic they match.
# NOTE(review): this listing has no antispoof rule and no explicit block of
# private or otherwise bogus source addresses on $ext_if.
block in log on $ext_if
# Loopback and the internal interface are fully trusted: everything passes and
# "quick" stops evaluation, so no later rule can restrict it.
# NOTE(review): this also gives the web and mail servers unrestricted access
# to the firewall and to each other's segment via $int_if - confirm intended.
pass quick on { lo $int_if }
# State-table synchronization with the peer firewall.
# NOTE(review): the pfsync protocol does not authenticate or encrypt its
# updates; keep $pfsync_if on a dedicated, trusted link (e.g. crossover cable).
pass quick on $pfsync_if proto pfsync
# CARP advertisements for failover, accepted from any source on both
# interfaces ($int_if is already covered by the quick rule above).
# NOTE(review): CARP authentication depends on the pass phrase configured on
# the carp interfaces, which is outside this file - confirm it is set.
pass quick on { $ext_if $int_if } proto carp keep state
# All outbound traffic on the external interface is allowed statefully, so
# replies come back in despite the default block.
pass out on $ext_if keep state
# Inbound SMTP. Translation happens before filtering, so the rule matches the
# internal (post-binat) destination address rather than $smtp_ext.
# NOTE(review): no "flags S/SA" is given; on pf releases where that is not the
# implicit default, state can be created from a non-SYN packet - confirm
# against the target release.
pass in on $ext_if inet proto tcp from any to $smtp_int port smtp keep state