  * route-to round-robin breaks FTP: every FTP data transfer is a new TCP connection, so round-robin can send it out the other link (with the other external address after NAT), and the server rejects a data connection that does not come from the same address as the control connection
  * exempt FTP from the balancing rule with **round-robin proto tcp from $lan_net to any port != ftp flags S/SA modulate state** (FTP then follows the default route). Passive data connections are separate TCP connections as well, so the more complete fix is the **sticky-address** pool option (**round-robin sticky-address**), which keeps every connection from one LAN host on the same gateway

  # --------------- file /etc/pf.conf --------------------
  lan_net = "10.1.0.0/22"
  int_if  = "fxp0"
  ext_if1 = "xl0"
  ext_if2 = "xl1"
  ext_gw1 = "192.168.103.1"
  ext_gw2 = "192.168.104.1"
  virus_ports = "{135,137,139,445,1080,1025,1026,1433,1434}"
  tcp_udp = "{tcp,udp}"
  
  # NAT each link's outbound traffic to that link's own address
  # (two variants, dynamic address vs. static-port; both left commented out)
  #nat on $ext_if1 from $lan_net to any -> ($ext_if1)
  #nat on $ext_if2 from $lan_net to any -> ($ext_if2)
  #nat on $ext_if1 from $lan_net to any -> $ext_if1 static-port
  #nat on $ext_if2 from $lan_net to any -> $ext_if2 static-port
  
  # block virus ports
  #block in quick proto $tcp_udp from any port $virus_ports to any
  #block out quick proto $tcp_udp from any to any port $virus_ports
  
  # balance new connections from the LAN across both links
  pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
      proto tcp from $lan_net to any flags S/SA modulate state
  pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
      proto { udp, icmp } from $lan_net to any keep state
  
  # packets sourced from one link's address must leave on that link,
  # even when the routing table would send them out the other one
  pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) proto tcp from ($ext_if2) to any
  pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) proto tcp from ($ext_if1) to any

====== Route traffic based on destination ======

  * pf applies the last rule that matches (unless a rule says quick), so start with the generic round-robin rules and put the more specific destination rules after them in the config file
  # generic rules: listing ($ext_if1 $ext_gw1) twice gives that link two of every three new connections
  pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
      proto tcp from $lan_net to any port { 80 } flags S/SA modulate state
  pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
      proto { udp, icmp } from $lan_net to any keep state
  
  # specific destinations last, so they override the generic rules above
  pass in on $int_if route-to { ($ext_if2 $ext_gw2) } \
      proto tcp from $lan_net to 208.85.40.0/21 port { 80 } flags S/SA modulate state   # route Pandora through wcta
  pass in on $int_if route-to { ($ext_if1 $ext_gw1) } \
      proto tcp from $lan_net to 17.0.0.0/8 port { 80 } flags S/SA modulate state       # route Apple through FED
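The two behaviours these notes depend on, last-matching-rule-wins and route-to pool selection (round-robin, the duplicate-entry weighting trick, and sticky-address), are easy to get wrong by reordering the file. The following is an added example, not code from the page or from pf: a toy evaluator of those semantics loaded with the destination-based rule set above. The `Rule`/`Evaluator` classes, `new_evaluator()` and the 198.51.100.x destinations are this example's own constructions; interfaces, gateways and networks are the page's macros. It is a simplification of pf's matcher, not its real code.

```python
"""Toy model of pf rule matching and route-to pool selection (added example,
not pf's code). Demonstrates: last match wins, duplicate pool entries give a
weighted share, and a sticky-address-style map pins a source to one gateway."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Macros from the page's pf.conf
LAN_NET = ipaddress.ip_network("10.1.0.0/22")
ANY = ipaddress.ip_network("0.0.0.0/0")
EXT1 = ("xl0", "192.168.103.1")   # ($ext_if1 $ext_gw1)
EXT2 = ("xl1", "192.168.104.1")   # ($ext_if2 $ext_gw2)


@dataclass
class Rule:
    proto: frozenset
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[frozenset]     # None = any port
    pool: list                     # route-to entries; duplicates add weight
    quick: bool = False


# The destination-based rule set from the page, in file order.
PAGE_RULES = [
    Rule(frozenset({"tcp"}), LAN_NET, ANY, frozenset({80}), [EXT1, EXT1, EXT2]),
    Rule(frozenset({"udp", "icmp"}), LAN_NET, ANY, None, [EXT1, EXT1, EXT2]),
    Rule(frozenset({"tcp"}), LAN_NET, ipaddress.ip_network("208.85.40.0/21"),
         frozenset({80}), [EXT2]),   # Pandora via ext_if2
    Rule(frozenset({"tcp"}), LAN_NET, ipaddress.ip_network("17.0.0.0/8"),
         frozenset({80}), [EXT1]),   # Apple via ext_if1
]


@dataclass
class Evaluator:
    rules: list
    sticky: bool = False                          # models 'sticky-address'
    _rr: dict = field(default_factory=dict)       # per-rule round-robin position
    _src_map: dict = field(default_factory=dict)  # (rule, src) -> chosen entry

    def match(self, proto, src, dst, dport=None):
        """pf semantics: the LAST matching rule wins unless a match is 'quick'."""
        chosen = None
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for r in self.rules:
            if proto not in r.proto or s not in r.src or d not in r.dst:
                continue
            if r.dport is not None and dport not in r.dport:
                continue
            chosen = r
            if r.quick:
                break
        return chosen

    def route(self, proto, src, dst, dport=None):
        """Pick the route-to entry for a NEW connection; None = no rule matched."""
        r = self.match(proto, src, dst, dport)
        if r is None:
            return None
        key = id(r)
        if self.sticky and (key, src) in self._src_map:
            return self._src_map[(key, src)]      # same source, same gateway
        pos = self._rr.get(key, 0)
        entry = r.pool[pos % len(r.pool)]         # duplicates => weighted share
        self._rr[key] = pos + 1
        if self.sticky:
            self._src_map[(key, src)] = entry
        return entry


def new_evaluator(rules=PAGE_RULES, sticky=False):
    """Fresh evaluator (own counters) over a rule list, in the order given."""
    return Evaluator(list(rules), sticky=sticky)


if __name__ == "__main__":
    ev = new_evaluator()
    # constructed sample destinations: Apple, Pandora, then a generic web host
    for dst in ("17.1.2.3", "208.85.41.9", "198.51.100.7", "198.51.100.7", "198.51.100.7"):
        print("tcp 10.1.0.5 ->", dst, ":80 via", ev.route("tcp", "10.1.0.5", dst, 80))
```

Reversing the rule list makes the generic port-80 rule win for the Apple and Pandora destinations, which is the ordering mistake the bullet above warns about; with `sticky=True` the generic pool stops alternating per connection and keys on the LAN source instead.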