Task: set things up so that the external interface rl1 is closed, and the internal interface vr0 lets only a particular subnet or IP address out. Can you tell me where the mistake is? I built the kernel with: options ALTQ, device pf, device pflog, device pfsync.
# macros
prov_if="rl1"
int_if="vr0"
internal_net="192.168.1.0/24"
me="192.168.1.1"
# defined but not referenced by any rule below
LAN_to_INT="{ ftp, ftp-data, www, https, ssh, smtp, pop3, nntp, 8080, ntp, 411, 5190 }"

scrub in all

# NAT: only LAN traffic to mail and web ports is translated
nat on $prov_if from $internal_net to any port 25 -> $prov_if
nat on $prov_if from $internal_net to any port 110 -> $prov_if
nat on $prov_if from $internal_net to any port 80 -> $prov_if

# default deny on the external interface; pf is last-match, so the
# pass rules below punch the holes (this line was commented out before)
block in on $prov_if from any to any

# inbound to the gateway itself: ping, ssh, smtp
# ("icmp-type 22" on a tcp rule is a syntax error: tcp ports use "port")
pass in on $prov_if inet proto icmp from any to $prov_if icmp-type 8 keep state
pass in on $prov_if inet proto tcp from any to $prov_if port 22 keep state
pass in on $prov_if inet proto tcp from any to $prov_if port 25 keep state

# outbound from the gateway itself
pass out on $prov_if inet proto icmp from $prov_if to any icmp-type 8 keep state
pass out on $prov_if inet proto tcp from $prov_if to any port www keep state
pass out on $prov_if inet proto tcp from $prov_if to any port ftp keep state
pass out on $prov_if inet proto tcp from $prov_if to any port ssh keep state
pass out on $prov_if inet proto udp from $prov_if to any port 53 keep state

# LAN -> gateway DNS queries arrive "in" on the internal interface, not "out"
pass in on $int_if inet proto udp from $internal_net to $me port 53 keep state
pass out on $int_if inet proto icmp from $me to $internal_net icmp-type 8 keep state
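A ruleset for the goal stated in the question, written here as an added example rather than the poster's own config: default deny on both interfaces, with NAT and Internet access granted only to the hosts in a pf table. The interface names and 192.168.1.0/24 come from the question; the table name "allowed_out", its member addresses and the port list are assumptions.

```pf
# Added example: default-deny gateway that lets only listed LAN hosts out.
# rl1/vr0 and 192.168.1.0/24 are from the question; the table name and
# its members (192.168.1.10, 192.168.1.32/27) are assumed values.
ext_if="rl1"
int_if="vr0"
lan="192.168.1.0/24"
gw="192.168.1.1"
table <allowed_out> { 192.168.1.10, 192.168.1.32/27 }
out_ports="{ www, https, smtp, pop3 }"

set skip on lo0
scrub in all

# NAT only for the permitted hosts; nobody else is ever translated
nat on $ext_if from <allowed_out> to any -> ($ext_if)

# default deny in both directions on every interface; pf is last-match,
# so the more specific pass rules below override it
block log all

# the gateway itself: answer ping from anywhere, accept ssh only from the LAN
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type echoreq keep state
pass in on $int_if inet proto tcp from $lan to $gw port ssh keep state

# every LAN host may use the gateway as DNS resolver ...
pass in on $int_if inet proto { tcp, udp } from $lan to $gw port domain keep state
# ... but only table members may be forwarded to the Internet, on the listed ports
pass in on $int_if inet proto tcp from <allowed_out> to ! $lan port $out_ports keep state

# forwarded traffic is already NATed to rl1's address when it is filtered
# outbound, so one rule covers both the gateway's own and forwarded traffic
pass out on $ext_if inet proto { tcp, udp, icmp } from ($ext_if) to any keep state
pass out on $int_if inet proto { tcp, udp, icmp } from $gw to $lan keep state
```

Check the syntax with pfctl -nf before loading; a host in the LAN but not in the table is dropped (and logged) by the block rule because no pass rule creates state for it.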