===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/share/pf/Attic/faq-example1,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- src/share/pf/Attic/faq-example1 2005/07/02 16:16:39 1.3
+++ src/share/pf/Attic/faq-example1 2006/06/16 17:26:59 1.4
@@ -1,4 +1,4 @@
-# $OpenBSD: faq-example1,v 1.3 2005/07/02 16:16:39 joel Exp $
+# $OpenBSD: faq-example1,v 1.4 2006/06/16 17:26:59 jasper Exp $
 #
 # Firewall for Home or Small Office
@@ -7,50 +7,45 @@
 # macros
-int_if = "fxp0"
-ext_if = "ep0"
+ext_if="fxp0"
+int_if="xl0"
-tcp_services = "{ 22, 113 }"
-icmp_types = "echoreq"
+tcp_services="{ 22, 113 }"
+icmp_types="echoreq"
-priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
+comp3="192.168.0.3"
-comp3 = "192.168.0.3"
-
 # options
 set block-policy return
 set loginterface $ext_if
+set skip on lo
+
 # scrub
-scrub in all
+scrub in
 # nat/rdr
-nat on $ext_if from $int_if:network to any -> ($ext_if)
-rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
- port 8021
+nat on $ext_if from !($ext_if) -> ($ext_if:0)
+nat-anchor "ftp-proxy/*"
+rdr-anchor "ftp-proxy/*"
+
+rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
 rdr on $ext_if proto tcp from any to any port 80 -> $comp3
 # filter rules
-block all
+block in
-pass quick on lo0 all
+pass out keep state
-block drop in quick on $ext_if from $priv_nets to any
-block drop out quick on $ext_if from any to $priv_nets
+anchor "ftp-proxy/*"
+antispoof quick for { lo $int_if }
 pass in on $ext_if inet proto tcp from any to ($ext_if) \
 port $tcp_services flags S/SA keep state
-pass in on $ext_if proto tcp from any to $comp3 port 80 \
- flags S/SA synproxy state
+pass in on $ext_if inet proto tcp from any to $comp3 port 80 \
+ flags S/SA synproxy state
-pass in on $ext_if inet proto tcp from port 20 to ($ext_if) \
- user proxy flags S/SA keep state
-
 pass in inet proto icmp all icmp-type $icmp_types keep state
-pass in on $int_if from $int_if:network to any keep state
-pass out on $int_if from any to $int_if:network keep state
-
-pass out on $ext_if proto tcp all modulate state flags S/SA
-pass out on $ext_if proto { udp, icmp } all keep state
+pass quick on $int_if
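Review bot: Dropping the `priv_nets` macro and its two `block drop ... quick on $ext_if` rules narrows the filter more than the replacement `antispoof quick for { lo $int_if }` makes up for, because antispoof only covers loopback and the network configured on $int_if: a packet arriving on $ext_if with some other 127/8 or RFC 1918 source is no longer dropped before `pass in on $ext_if ... port $tcp_services ... keep state` can create state for it, and the new unrestricted `pass out keep state` lets traffic to private destinations leave via $ext_if where the old egress block stopped it. If the simplification is deliberate for a FAQ example, a one-line comment saying so would help readers who copy it; otherwise keep `priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"` and reinstate `block drop in quick on $ext_if from $priv_nets to any` and `block drop out quick on $ext_if from any to $priv_nets` ahead of the pass rules. As a smaller point of consistency, `pass quick on $int_if` is the only pass rule without `keep state`, which on pf releases of this era presumably makes it stateless; adding `keep state` there would match `pass out keep state` and the other rules.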