Simple Gateway With NAT

A More Selective List of Services

client_out = "{ ftp-data, ftp, ssh, domain, pop3, auth, nntp, http, \
                https, 446, cvspserver, 2628, 5999, 8000, 8080 }"
udp_services = "{ domain, ntp }"

block
# [ ... ]
pass quick inet proto { tcp, udp } to port $udp_services keep state

pass inet proto tcp from $int_if:network to port $client_out

pass in inet proto tcp to port ssh

Rule evaluations is top to bottom, last matching rule wins.

The quick keyword exits rule evaluation when current rule matches (quick rule always wins)