La trafikken passere bare der den skal:
pass in on $ext_if proto { tcp, udp } from any to $nameservers port domain pass in on $int_if proto { tcp, udp } from $localnet to $nameservers port domain pass out on $dmz_if proto { tcp, udp } from any to $nameservers port domain pass in on $ext_if proto tcp from any to $webserver port $webports pass in on $int_if proto tcp from $localnet to $webserver port $webports pass out on $dmz_if proto tcp from any to $webserver port $webports pass in log on $ext_if proto tcp from any to $mailserver port smtp pass in log on $int_if proto tcp from $localnet to $mailserver port $email pass out log on $dmz_if proto tcp from any to $mailserver port smtp pass in on $dmz_if from $mailserver to any port smtp pass out log on $ext_if proto tcp from $mailserver to any port smtp