Noen ganger er det enkle vanskeligere
webserver = "192.168.2.7"
webports = "{ http, https }"
emailserver = "192.168.2.5"
email = "{ smtp, pop3, imap, imap3, imaps, pop3s }"
rdr on $ext_if proto tcp from any to $ext_if port $webports -> $webserver
rdr on $ext_if proto tcp from any to $ext_if port $email -> $emailserver
pass in on $ext_if proto tcp from any to $webserver port $webports \
flags S/SA synproxy state
pass in on $ext_if proto tcp from any to $emailserver port $email \
flags S/SA synproxy state
pass out on $ext_if proto tcp from $emailserver to any port smtp \
flags S/SA synproxy stateFungerer med eller uten separat dmz, men -