#
# Scrub rules
#
scrub in all fragment reassemble

# 
# Rule  0 (NAT)
nat on  le0 from 192.168.1.0/24 to any -> (le0) 
nat on  enc1 from 192.168.1.0/24 to any -> (enc1) 
# 
# Rule  1 (NAT)
nat on  le0 from 192.168.1.0/24 to any tagged ipsec_tag -> (le0) 
nat on  enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> (enc1) 

# 
# Rule  0 (le0)
pass in  on le0 inet  from any  to any tag INTNET keep state 
# 
# Rule  1 (enc1)
pass in   quick on enc1 inet  from any  to any keep state 
# 
# Rule  2 (enc0)
pass out  quick on enc0 inet  from any  to any tagged INTNET  keep state 
# 
# Rule  3 (enc0)
pass out  quick on enc0 inet proto tcp  from any  to any port 80 keep state 
# 
# Rule  4 (lo)
pass  quick on lo inet  from any  to any keep state 
# 
# Rule  5 (global)
pass  quick inet  from any  to any tagged ipsec_tag  keep state 
# 
# Rule  6 (global)
pass  quick inet  from any  to any tagged ipsec_tag  keep state 
pass  quick inet  from any  to any tagged tag2  keep state 
# 
# Rule  8 (global)
pass  quick inet proto tcp  from any  to any port 80 keep state 
pass  quick inet  from any  to any tagged ipsec_tag  keep state 
# 
# Rule  10 (global)
pass  quick inet proto tcp  from 192.168.1.0/24  to any port 25 queue mail 
# 
# Rule  11 (global)
block  log  quick inet  from any  to any 
# 
# Rule  fallback rule
#    fallback rule 
block  quick inet  from any  to any