# Tables: (4)
table <block these> persist file "block-hosts.tbl"
table <spammers> persist
table <tbl.r0.d> { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , 192.168.1.201 , 192.168.2.128/25 } 
table <tbl.r1> { 7.7.7.7 , 61.150.47.112 , 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , 192.168.1.201 , 192.168.2.128/25 } 

# 
# Rule  0 (NAT)
rdr on  eth0.100 proto tcp from ! <block these> to (eth0.100) port 25 -> 192.168.1.10 port 25 
# 
# Rule  1 (NAT)
rdr on  eth0.100 proto tcp from <block these> to (eth0.100) port 25 -> 192.168.1.10 port 25 
rdr on  eth0.100 proto tcp from <tbl.r1> to (eth0.100) port 25 -> 192.168.1.10 port 25 
# 
# Rule  2 (NAT)
nat on  eth0.100 from 192.168.1.0/24 to ! <block these> -> (eth0.100) 
# 
# Rule  3 (NAT)
rdr proto tcp from any to (eth0.100) port 25 -> { 192.168.1.1 , 192.168.1.2 , 192.168.1.200 , 192.168.1.201 , 192.168.1.3/30 , 192.168.2.128/25 } port 25 
# 
# Rule  4 (NAT)
rdr from any to (eth0.100) -> { 192.168.1.1 , 192.168.1.2 , 192.168.1.200 , 192.168.1.201 , 192.168.1.3/30 , 192.168.2.128/25 } 
# 
# Rule  5 (NAT)
no nat from 192.168.1.0/24 to <block these> 
no rdr from 192.168.1.0/24 to <block these> 
# 
# Rule  6 (NAT)
rdr from 192.168.1.0/24 to <block these> -> (lo) 

# 
# Rule  0 (global)
pass  quick inet  from any  to <tbl.r0.d> keep state  label "RULE 0 -- ACCEPT on global "  
# 
# Rule  1 (global)
block  log  quick inet  from any  to <block these>  label "RULE 1 -- DROP on global "  
# 
# Rule  2 (global)
block  log  quick inet  from any  to <block these>  label "RULE 2 -- DROP on global "  
block  log  quick inet  from any  to <tbl.r1>  label "RULE 2 -- DROP on global "  
# 
# Rule  3 (global)
block  log  quick inet  from any  to <tbl.r0.d>  label "RULE 3 -- DROP on global "  
# 
# Rule  4 (global)
block  log  quick inet  from <spammers>  to any  label "RULE 4 -- DROP on global "  
# 
# Rule  5 (global)
block  quick inet proto tcp  from any  to <block these> port 25  label "RULE 5 -- DROP on global "  
block  quick inet proto tcp  from any  to 61.150.47.112 port 25  label "RULE 5 -- DROP on global "  
# 
# Rule  6 (global)
block  log  quick inet  from <block these>  to any  label "RULE 6 -- DROP on global "  
# 
# Rule  7 (global)
block  log  quick inet  from <block these>  to any  label "RULE 7 -- DROP on global "  
block  log  quick inet  from 61.150.47.112  to any  label "RULE 7 -- DROP on global "  
# 
# Rule  9 (global)
pass  quick inet proto tcp  from any  to 192.168.1.10 port 25 keep state ( max-src-conn 5, overload <spammers> flush global ) label "RULE 9 -- ACCEPT on global "  
# 
# Rule  10 (global)
pass  quick inet  from 192.168.1.0/24  to any keep state  label "RULE 10 -- ACCEPT on global "  
# 
# Rule  11 (global)
block  log  quick inet  from any  to any  label "RULE 11 -- DROP on global "  
# 
# Rule  fallback rule
#    fallback rule 
block  quick inet  from any  to any  label "RULE 10000 -- DROP on global "