ext_if = "sis4"                         # macro for external interface - use tun0 for PPPoE
int_if = "bridge0"                      # macro for internal interface
localnet = $int_if:network

# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)

#block all
pass from { lo0, $localnet } to any keep state