Index: /branches/releng-9.0/nanobsd/files/etc/pf.conf.ileiden
===================================================================
--- /branches/releng-9.0/nanobsd/files/etc/pf.conf.ileiden	(revision 10178)
+++ /branches/releng-9.0/nanobsd/files/etc/pf.conf.ileiden	(revision 10178)
@@ -0,0 +1,44 @@
+ext_if="sis0"
+int_if="tap0" 
+wifi_if="wlan0"
+
+wl_net="172.16.0.0/12"
+vpn_net="172.17.64.0/28"
+
+publicnat="{80, 443}"
+allow_ext_tcp="{22}"
+allow_ext_udp="{161}"
+allow_int_tcp="{22,53,80,3128,12345}"
+allow_int_udp="{53,67,68,131,161,12345}"
+
+private="{ 10.0.0.0/8 , 192.168.0.0/16 }"
+
+# Nat the internet
+nat on $ext_if from $wl_net to any port $publicnat -> ($ext_if) 
+
+# Nat local wl access
+nat on $int_if from any to $wl_net -> ($int_if)
+pass on $ext_if from any to $wl_net keep state
+
+# Block all
+block in on $ext_if
+pass in on $int_if
+
+# Make sure to block local network access from wl
+block out on $ext_if from $wl_net to $private
+
+# Allow wl access from access point (not yet reversed)
+pass on $wifi_if from $wl_net to $wl_net
+
+# Allow directives 
+pass in on $ext_if inet proto tcp from any to $ext_if port $allow_ext_tcp keep state
+pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state
+pass in on $int_if inet proto tcp from any to $vpn_net port $allow_int_tcp keep state
+pass in on $int_if inet proto udp from any to $vpn_net port $allow_int_udp keep state
+pass in on $int_if inet proto icmp from $wl_net to $vpn_net keep state
+
+# Enable statefull firewalling
+pass out on {$ext_if, $int_if} keep state
+
+
+
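Review bot: The `block out on $ext_if from $wl_net to $private` rule never takes effect, because pf applies the last matching rule and the closing `pass out on {$ext_if, $int_if} keep state` matches the same packets afterwards. Writing it as `block out quick on $ext_if from $wl_net to $private`, or moving it below the final pass, lets it win. Port 80/443 traffic is also rewritten by the `nat on $ext_if` rule before filtering, so its source is presumably no longer inside `$wl_net` when this rule is evaluated. Blocking where the traffic enters, e.g. `block in quick on $int_if from $wl_net to $private`, would cover that case, but confirm which interface wireless clients actually arrive on. For the same last-match reason the blanket `pass in on $int_if` admits everything on that interface, so the port lists in `$allow_int_tcp` and `$allow_int_udp` restrict nothing as written.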
