# macros
# Interface roles.  Quoted macro values are equivalent to bare ones; the
# names are referenced throughout the rules below, so they must not change.
lo_if = "lo0"
ext_if = "re0"          # public / upstream side
int_if = "re1"          # LAN side, NATed behind $ext_if
# TCP services the firewall itself exposes on $ext_if (ssh only).
tcp_services = "{ 22 }"
# Loopback and RFC 1918 space.  Neither may appear as a source arriving on
# $ext_if nor as a destination leaving it (see the block rules near the end).
priv_nets = "{ 127/8, 192.168/16, 172.16/12, 10/8 }"
# tables
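# Hard-coded country prefix list, blocked inbound and outbound on $ext_if.
# This snapshot is many years old and both misses newer allocations and
# carries prefixes that may since have moved; regenerate it from the
# APNIC delegated-extended file and load it with a non-const, persist
# table plus 'pfctl -t CHINA -T replace -f FILE' rather than editing here.
# Fix: the original list repeated every entry from 220.234/16 through
# 222.128/12 a second time after 222.161.128/17; the duplicate run has been
# dropped (pfctl tolerates duplicates, but they hide whether the second
# copy was meant to differ).
# NOTE(review): 202.91.176/20 sits between 203.91.96/20 and 203.92/22 in an
# otherwise sorted run and is probably a typo for 203.91.176/20 -- verify
# against the registry before changing it.
table <CHINA> const {58.14/15,58.16/13,58.24/15,58.30/15,58.32/11,58.66/15,58.82/15,58.87.64/18,58.100/15,58.116/14,58.128/13,\
58.144/16,58.192/14,58.196/15,58.200/13,58.208/12,58.240/12,59.32/12,59.48/14,59.52/14,59.56/13,59.64/13,59.72/15,\
59.77/16,59.78/15,59.80/14,59.107/17,59.108/15,59.151/17,59.191/17,59.192/10,60/13,60.8/14,60.12/16,60.13/18,\
60.13.128/17,60.14/15,60.16/12,60.55/16,60.63/16,60.160/11,60.194/15,60.200/14,60.204/16,60.208/12,\
60.232/15,60.255/16,61.4.64/20,61.28/17,61.29.128/17,61.45.128/18,61.47.128/18,61.48/13,61.128/10,61.232/14,61.236/15,\
61.240/14,125.31.192/18,125.32/16,125.40/13,125.58.128/17,125.62/18,125.64/13,125.72/15,125.80/12,125.96/15,125.98/16,\
125.104/13,125.112/12,125.171/16,125.208/18,125.210/16,125.213/17,125.216/15,125.218/16,125.222/15,125.254.128/18,\
134.196/16,159.226/16,161.207/16,162.105/16,166.111/16,167.139/16,168.160/16,192.83.122/24,192.124.154/24,192.188.170/24,\
198.17.7/24,198.97.132/24,202.110/24,202.160/20,202.176/22,202.3.77/24,202.4.128/19,202.4.252/22,202.8.128/19,202.10.64/20,\
202.14.88/24,202.14.235/24,202.14.236/23,202.14.238/24,202.20.120/24,202.22.248/21,202.38/20,202.38.32/20,202.38.64/18,\
202.38.128/21,202.38.136/23,202.38.138/24,202.38.140/22,202.38.144/22,202.38.149/24,202.38.150/23,202.38.152/22,\
202.38.156/24,202.38.158/23,202.38.160/23,202.38.164/22,202.38.168/21,202.38.176/23,202.38.184/21,202.38.192/18,\
202.41.152/21,202.46.32/19,202.46.224/20,202.60.112/20,202.62.248/22,202.69.4/22,202.69.16/20,202.70/19,202.74.8/21,\
202.75.208/20,202.85.208/20,202.90/22,202.90.224/20,202.90.252/22,202.91/22,202.91.128/22,202.92/22,202.92.252/22,\
202.93/22,202.93.252/22,202.94/19,202.95/19,202.95.252/22,202.96/12,202.112/13,202.120/15,202.122/19,202.122.32/21,\
202.122.64/19,202.122.112/21,202.122.128/24,202.123.96/20,202.125.176/20,202.127/18,202.127.112/20,202.127.128/19,\
202.127.160/21,202.127.192/18,202.130/19,202.130.224/19,202.131.16/21,202.131.48/20,202.131.208/20,202.136.48/20,\
202.136.208/20,202.136.224/20,202.136.252/22,202.141.160/19,202.142.16/20,202.148.96/19,202.149.160/20,202.149.224/19,\
202.150.16/20,202.152.176/20,202.153.48/20,202.158.160/19,202.160.176/20,202.164/20,202.165.96/20,202.165.208/20,\
202.166.192/19,202.168.160/20,202.170.128/19,202.170.216/21,202.173.8/21,202.173.224/19,202.180.128/19,202.192/12,\
203.79/20,203.81.16/20,203.86/18,203.86.64/19,203.87.224/19,203.88/22,203.88.32/19,203.88.192/19,203.89/22,203.90/22,\
203.90.128/18,203.90.192/19,203.91/22,203.91.32/19,203.91.96/20,202.91.176/20,203.92/22,203.92.160/19,203.93/19,\
203.94/18,203.95/21,203.95.96/20,203.100.32/20,203.100.96/19,203.110.160/19,203.118.192/19,203.119.24/21,\
203.119.32/22,203.128.32/19,203.128.96/19,203.128.128/19,203.130.32/19,203.132.32/19,203.134.240/21,203.148/18,\
203.152.64/19,203.156.192/18,203.161.192/19,203.166.160/19,203.175.128/19,203.175.192/18,203.184/22,\
203.187.160/19,203.191.64/18,203.192/19,203.196/22,203.207.64/18,203.207.128/17,203.208/20,203.208.16/22,203.212/20,\
203.222.192/20,203.223/20,210.2/19,210.5/19,210.5.32/20,210.5.128/20,210.12/15,210.14.64/19,210.14.160/19,210.14.192/18,\
210.15/17,210.15.128/18,210.16.128/18,210.21/16,210.22/16,210.25/16,210.26/15,210.28/14,210.32/12,210.51/16,210.52/15,\
210.56.192/19,210.72/14,210.76/15,210.78/16,210.79.64/18,210.79.224/19,210.82/15,210.87.128/18,210.185.192/18,\
210.192.96/19,210.211/20,211.64/13,211.80/12,211.96/13,211.136/13,211.144/12,211.160/13,218/11,218.56/13,218.64/11,\
218.96/14,218.104/14,218.108/15,218.192/13,218.200/14,218.204/14,218.240/13,218.249/16,219.72/16,219.82/16,219.128/11,\
219.216/13,219.224/14,219.228/14,219.232/13,219.242/15,219.244/14,220.101.192/18,220.112/14,220.160/11,220.192/12,\
220.231/18,220.231.128/17,220.234/16,220.248/14,221/13,221.8/15,221.10/16,221.11/17,221.11.128/18,221.11.192/19,221.12/17,\
221.12.128/18,221.13/16,221.14/15,221.122/15,221.129/16,221.130/15,221.136/15,221.172/14,221.176/13,221.192/14,221.196/15,\
221.198/16,221.199/19,221.199.32/20,221.199.128/18,221.199.192/20,221.200/13,221.208/12,221.224/12,222.16/12,222.32/11,\
222.64/11,222.125/16,222.128/12,222.161.128/17,222.160/14,222.168/13,222.176/12,\
222.192/11,222.240/13,222.248/16,222.249/17,222.249.128/18,222.249.192/19,222.249.224/20,222.249.240/21,222.249.248/23}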
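# Hard-coded country prefix list, blocked inbound and outbound on $ext_if.
# Same caveat as <CHINA>: this is an old static snapshot; regenerate it from
# the APNIC/KRNIC delegated file and load it with pfctl -T replace instead
# of hand-editing.
# Fix: the entry 219.240/15 was split across a line break with no '\'
# continuation ("219.2" / "40/15"), which pfctl cannot parse; it is rejoined
# here and the list is wrapped with explicit continuations.  The duplicated
# 221.168/16 entry was dropped.
table <KOREA> const {58.65.64/18,58.72/13,58.102/15,58.120/13,58.140/14,58.145/17,58.148/14,58.180/16,58.181/18,58.184/16,\
58.224/12,59/11,59.150/16,59.186/15,60.196/15,61.4.192/19,61.32/13,61.40/14,61.47.192/18,61.72/13,61.80/14,61.84/15,\
61.96/12,61.247.64/18,61.247.128/19,61.248/13,66.232.136/21,124/15,125.7.128/18,125.7.192/18,125.31.128/18,125.57/16,\
125.60/17,125.61/17,125.128/11,125.176/12,125.208.64/18,125.209/18,125.240/13,125.248/14,125.252/18,128.134/16,\
129.254/16,134.75/16,137.68/16,141.223/16,143.248/16,147.6/16,147.43/16,147.46/15,150.150/16,150.183/16,150.197/16,\
152.99/16,152.149/16,154.10/16,155.230/16,156.147/16,157.197/16,158.44/16,161.122/16,163.152/16,163.180/16,163.239/16,\
164.124/15,165.132/15,165.141/16,165.186/16,165.194/16,165.213/16,165.229/16,165.243/16,165.244/16,165.246/16,\
166.79/16,166.103/16,166.104/16,166.125/16,168.78/16,168.115/16,168.126/16,168.131/16,168.154/16,168.188/16,\
168.219/16,168.248/15,169.140/16,192.5.90/24,192.100.2/24,192.104.15/24,192.132.15/24,192.132.247/24,192.132.248/22,\
192.195.39/24,192.195.40/24,192.203.138/23,192.203.140/22,192.203.144/23,192.203.146/24,192.245.249/24,192.245.250/23,\
192.249.16/20,198.178.187/24,202.6.95/24,202.14.103/24,202.14.165/24,202.20.82/23,202.20.84/23,202.20.86/24,\
202.20.99/24,202.20.119/24,202.20.128/17,202.21/21,202.30/15,202.73.132/22,202.86.8/21,202.126.112/21,202.133.16/20,\
202.136.112/20,202.136.128/19,202.150.48/20,202.150.176/20,202.158.144/20,202.167.208/20,202.179.176/21,202.189.128/18,\
203.81.128/19,203.82.240/21,203.83.128/19,203.90.32/19,203.100.160/19,203.109/19,203.123.192/19,203.128.160/19,\
203.128.192/19,203.130.96/19,203.132.160/19,203.142.160/19,203.152.160/19,203.160.8/21,203.170.96/19,203.171.160/19,\
203.173.96/19,203.224/11,210.16.192/18,210.80.96/19,210.90/15,210.92/14,210.96/11,210.178/15,210.180/14,210.204/14,\
210.210.192/18,210.216/13,211.32/11,211.104/13,211.112/13,211.168/13,211.176/12,211.192/10,218.36/14,218.48/13,\
218.101.128/17,218.144/12,218.209/16,218.232/13,219.240/15,219.248/13,220.64/13,220.72/13,220.80/13,220.88/14,\
220.92/14,220.103/16,220.116/14,220.120/13,220.149/16,220.230/16,221.132.64/19,221.133.128/18,221.138/15,221.140/14,\
221.144/12,221.160/13,221.168/16,222.96/12,222.112/13,222.120/15,222.122/16,222.231/18,222.232/13}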
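# Bogon / martian space: must never be a source arriving on $ext_if nor a
# destination leaving it.  The original list was a snapshot of every /8
# IANA had not yet handed out (1/8, 2/8, 5/8, 23/8, 27/8, ..., 100/8,
# 103/8, ..., 223/8).  All of those have since been delegated to the RIRs,
# so keeping them here silently drops traffic from large parts of the
# public Internet.  Only the permanently reserved special-purpose ranges
# (RFC 1122/1918/3927/5737/6598/2544, multicast and class E) remain.
# The table name is unchanged because the filter rules reference it.
table <IANA-RESERVED-RFC1918> const { 0/8, 10/8, 100.64/10, 127/8, 169.254/16, 172.16/12, \
	192.0.2/24, 192.168/16, 198.18/15, 198.51.100/24, 203.0.113/24, 224/4, 240/4 }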
# options
# Global runtime behaviour.  Blocked packets are dropped silently rather
# than answered with RST/ICMP, and $ext_if carries the per-interface
# counters shown by pfctl -si.
set block-policy drop
set loginterface $ext_if
# Aggressive optimisation expires idle states early; together with the
# low state ceiling this suits a small box on a 680Kb uplink.
# NOTE(review): 2500 states is well below pf's default; once the table is
# full, new connections are refused.  Confirm this is enough for the LAN
# behind $int_if or raise it.
set optimization aggressive
set timeout { interval 10, frag 30 }
set limit { states 2500, frags 5000 }
# OS fingerprints database (unused by the rules below but harmless).
set fingerprints "/etc/pf.os"
# States are bound to the interface that created them.
set state-policy if-bound
# Normalise (reassemble / sanitise) everything entering from the outside.
scrub in on $ext_if all
# queueing
# Priority queueing on the 680Kb upstream link.  The default queue takes
# everything not explicitly assigned; q_pri is referenced by the outbound
# TCP rule for ACK/low-delay packets.
altq on $ext_if priq bandwidth 680Kb queue { q_def, q_pri }
queue q_def priority 1 priq(default)
queue q_pri priority 7
# nat/rdr
# Masquerade the LAN behind whatever address $ext_if currently holds.
# The parentheses make pf re-read both interface addresses when they change.
# NOTE(review): the /24 hard-codes the LAN mask; ($int_if:network) would
# track the real one -- confirm the LAN is actually a /24.
nat on $ext_if from ($int_if)/24 to any -> ($ext_if)
# ftp-proxy(8) installs its own nat/rdr rules into these anchors at runtime.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# Divert LAN clients' FTP control connections to the local ftp-proxy
# listener on 127.0.0.1:8021; 'pass' admits the redirected connection
# without a separate filter rule.  If ftp-proxy is not running, LAN FTP
# fails rather than falling through.
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
# filter rules
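# Default deny in both directions; everything that follows is an exception.
block all

# Loopback is fully trusted.  This must stay ahead of antispoof, because the
# antispoof expansion also blocks packets whose source is one of our own
# addresses -- exactly what locally generated loopback traffic looks like.
pass quick on $lo_if all

# Drop packets whose source belongs to one of our interface networks but
# arrive on a different interface.  Fix: 'quick' makes the expanded block
# rules terminal, so a later 'pass quick' cannot override them (the
# original non-quick antispoof lost to 'pass quick on $int_if all' below);
# 'log' sends hits to pflog0.
antispoof log quick for { $lo_if, $int_if, $ext_if }

# The LAN is fully trusted, including traffic addressed to the firewall.
# NOTE(review): on pf releases older than the one that made keep state the
# default, this rule is stateless -- confirm the target release.
pass quick on $int_if all

# Rules inserted at runtime by ftp-proxy(8) for data connections.
anchor "ftp-proxy/*"

# Bogon and country blocks, logged, both directions.  <IANA-RESERVED-RFC1918>
# overlaps $priv_nets, so the two unlogged rules after it only ever see
# packets the table rules already dropped; they are kept as belt and braces.
block in  log quick on $ext_if from <IANA-RESERVED-RFC1918> to any
block in  log quick on $ext_if from <KOREA> to any
block in  log quick on $ext_if from <CHINA> to any
block out log quick on $ext_if from any to <IANA-RESERVED-RFC1918>
block out log quick on $ext_if from any to <KOREA>
block out log quick on $ext_if from any to <CHINA>
block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# Active-mode FTP data connections (source port 20) to a socket owned by
# uid proxy.  This is the rule the pre-anchor ftp-proxy needed; with the
# anchor-based proxy above it is presumably redundant but harmless.
pass in on $ext_if inet proto tcp from port 20 to ($ext_if) user proxy flags S/SA keep state

# NOTE(review): this rule is unreachable as written.  192.168.1.5 lies
# inside $priv_nets and <IANA-RESERVED-RFC1918>, both blocked 'quick'
# above, so no packet from that source ever reaches it on $ext_if.  SSH
# from the LAN is already covered by 'pass quick on $int_if all'; if the
# intent is management from outside, the source must be a public address.
pass in on $ext_if inet proto tcp from 192.168.1.5 to ($ext_if) port $tcp_services flags S/SA keep state

# Outbound TCP: the firewall's own connections plus NATed LAN traffic,
# which carries the external address after translation.  Fix: ($ext_if)
# in parentheses, as in the rules above, so the rule follows the interface
# address instead of freezing it at load time.
pass out on $ext_if proto tcp from ($ext_if) to any flags S/SA keep state queue (q_def, q_pri)
#pass in on $ext_if proto tcp from any to $ext_if flags S/SA keep state queue (q_def, q_pri)
# Outbound UDP and ICMP with state, so replies are admitted.
pass out on $ext_if proto { udp, icmp } all keep state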