nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto { tcp,udp } from any to any port { 137, 138, 139 } -> $honeyd
rdr on $ext_if proto tcp from any to any port 445 -> $honeyd
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from <spamd> to port smtp \
-> 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
-> 127.0.0.1 port spamd
block in
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in log (all) quick on $ext_if inet proto { tcp,udp } from any to $honeyd port { 137, 138, 139 } keep state
pass in log (all) quick on $ext_if inet proto tcp from any to $honeyd port 445 keep state
pass in log (all) inet proto icmp all icmp-type $icmp_types keep state
pass in on $ext_if proto tcp to ($ext_if) port > 49151 user proxy keep state
pass in log on $ext_if inet proto tcp from any to ($ext_if) port smtp keep state
pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state
pass quick on { $int_if lo }