nat on $ExtIf from 192.168.1.0/24 to any -> ($ExtIf)
rdr on $ExtIf proto { tcp,udp } from any to any port { 137, 138, 139 } -> $honeyd
rdr on $ExtIf proto tcp from any to any port 445 -> $honeyd
rdr pass on $IntIf proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $IntIf inet proto tcp from any to any port www -> 127.0.0.1 port 3128
table <spamd> persist
table <spamd-white> persist
rdr pass inet proto tcp from <spamd> to any \
port smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from !<spamd-white> to any \
port smtp -> 127.0.0.1 port spamd
block in
pass out keep state
antispoof quick for { lo $IntIf }
pass in quick on $ExtIf inet proto tcp from <spamd> to 127.0.0.1 port 8025 flags S/SA keep state
pass in quick on $ExtIf inet proto tcp from any to $ExtIf port 25 flags S/SA keep state
pass in log (all) quick on $ExtIf inet proto { tcp,udp } from any to $honeyd port { 137, 138, 139 } keep state
pass in log (all) quick on $ExtIf inet proto tcp from any to $honeyd port 445 keep state
pass in log (all) inet proto icmp all icmp-type $icmp_types keep state
pass quick on { $IntIf lo }