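# --------------- file /etc/pf.conf --------------------
# Dual-uplink gateway: LAN on $int_if, two upstream links on $ext_if1 and
# $ext_if2. New outbound LAN connections are spread over both links with
# route-to ... round-robin; replies follow the state created on $int_if.
#
# NOTE(review): pf's implicit policy is "pass" and this file contains no
# active `block` rule, so anything not matched below -- including all
# inbound traffic arriving on $ext_if1/$ext_if2 -- is let through. A
# default deny (`block in all`, placed before the pass rules) is the usual
# starting point. If it is added, LAN traffic addressed to the gateway
# itself needs its own rule (e.g. `pass in quick on $int_if from $lan_net
# to $int_if`) so it is not caught by the route-to rules below -- confirm
# against the services this host runs.

lan_net = "10.1.0.0/22"
int_if  = "fxp0"
ext_if1 = "xl0"
ext_if2 = "xl1"
ext_gw1 = "192.168.103.1"
ext_gw2 = "192.168.104.1"

# Ports commonly probed by worms and open-proxy scanners; only referenced
# by the (currently disabled) block rules below.
virus_ports = "{135,137,139,445,1080,1025,1026,1433,1434}"
tcp_udp = "{tcp,udp}"

# NAT is disabled. $lan_net is RFC 1918 space, so with these rules
# commented out LAN packets leave $ext_if1/$ext_if2 with private source
# addresses; that only works if the upstream gateways translate for us --
# verify before relying on it. The static-port variants keep the original
# source port (some protocols need it) at the cost of port collisions
# between LAN hosts.
#nat on $ext_if1 from $lan_net to any -> ($ext_if1)
#nat on $ext_if2 from $lan_net to any -> ($ext_if2)
#nat on $ext_if1 from $lan_net to any -> $ext_if1 static-port
#nat on $ext_if2 from $lan_net to any -> $ext_if2 static-port

# Block virus ports (disabled). Note the asymmetry: the inbound rule keys
# on the *source* port, the outbound rule on the *destination* port.
#block in quick proto $tcp_udp from any port $virus_ports to any
#block out quick proto $tcp_udp from any to any port $virus_ports

# Load-balance new outbound TCP connections from the LAN across both
# uplinks. flags S/SA: only initial SYNs (SYN set, ACK clear) create
# state. modulate state: pf rewrites initial sequence numbers for hosts
# with weak ISN generators.
pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state

# Same for UDP and ICMP, with plain keep state (no TCP flags to check).
pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin \
    proto {udp,icmp} from $lan_net to any keep state

# Fix-up rules: a packet carrying one uplink's address that is about to
# leave via the other uplink (the kernel has a single default route) is
# pushed back to the matching gateway. Only TCP is covered; UDP/ICMP
# sourced from the "wrong" interface still follow the routing table --
# presumably intended, confirm.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) proto tcp from ($ext_if2) to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) proto tcp from ($ext_if1) to any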