Index: /branches/releng-10/nanobsd/files/etc/pf.hybrid.conf
===================================================================
--- /branches/releng-10/nanobsd/files/etc/pf.hybrid.conf	(revision 13061)
+++ /branches/releng-10/nanobsd/files/etc/pf.hybrid.conf	(revision 13160)
@@ -17,7 +17,11 @@
 #
 
-# Standard port allow listings
-allow_ext_in_tcp="ssh, domain, openvpn"
-allow_ext_in_udp="domain, snmp, openvpn"
+# Standard port allow listings for external services
+allow_ext_in_tcp="ssh, openvpn"
+allow_ext_in_udp="snmp, openvpn"
+
+# Standard port allow listings for services at host network (in case of NAT)
+allow_private_in_tcp="domain"
+allow_private_in_udp="domain"
 
 allow_ext_out_tcp = "domain, http, https, openvpn"
@@ -91,5 +95,10 @@
 pass out quick on $ext_if from $wl_net to $wl_net
 
-# Expose some local services (4)
+# Expose some local services for internal (NATted) network (4)
+pass in on $ext_if inet proto tcp from $private to $ext_if port { $allow_private_in_tcp } keep state
+pass in on $ext_if inet proto udp from $private to $ext_if port { $allow_private_in_udp } keep state
+pass in on $ext_if inet proto icmp from $private to $ext_if icmp-type { echoreq }
+
+# Expose some local services for the external world (WWW) network (4)
 pass in on $ext_if inet proto tcp from any to $ext_if port { $allow_ext_in_tcp } keep state
 pass in on $ext_if inet proto udp from any to $ext_if port { $allow_ext_in_udp } keep state