Код:

device          pf
device          pflog
device          pfsync

options         ALTQ
options         ALTQ_CBQ
options         ALTQ_RED
options         ALTQ_RIO
options         ALTQ_HFSC
options         ALTQ_PRIQ
options         ALTQ_NOPCC

options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=5
options         IPFIREWALL_FORWARD

options         SCHED_ULE               # ULE scheduler
options         PREEMPTION              # Enable kernel thread preemption
#options        SCHED_4BSD

options         INET                    # InterNETworking

# Я отключил только эти 3 модуля
#options        INET6                   # IPv6 communications protocols
#options        WITNESS                 # Enable checks to detect deadlocks and cycles
#options        WITNESS_SKIPSPIN        # Don't run witness on spinlocks for speed

Код:

nat on $внешний интерфейс from ip_внутренней_сети to any -> ($Внешний_интерфейс)

Код:

00100 48183 9002508 allow ip from any to any via xn0  
00200  1402  120130 allow ip from any to any via xn1

Код:

icmp_types="{ echoreq unreach }"      
set block-policy return  
set skip on lo0  
set skip on $int_if   
scrub in all    

nat on $ext_if from $lan to any -> ($ext_if)      

pass out on $ext_if from $ext_if to any keep state  
pass out on $ext_if from $lan to any keep state    
pass inet proto icmp all icmp-type $icmp_types

Код:

(vif-script 'vif-bridge netdev=br0')

Код:

(network-script network-dummy)  
(network-script network-bridge)  
(vif-script vif-bridge)  
(vif-script 'vif-bridge netdev=br0')