# macros
int_if="dc0"
tcp_services="{ 22, 113, 5444, 5445 }"
icmp_types="echoreq"
set block-policy return
set loginterface fxp0
set skip on lo
# FTP Proxy rules
anchor "ftp-proxy/*"
pass in quick on $int_if inet proto tcp to any port ftp \
divert-to 127.0.0.1 port 8021
pass in quick
# match rules
match out on egress inet from !(egress) to any nat-to (egress:0)
# filter rules
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in on egress inet proto tcp from any to (egress) \
port $tcp_services
pass in on egress inet proto tcp to (egress) port 22222\
rdr-to 192.168.1.49 synproxy state
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if proto tcp