--- wikisrc/users/imil/cheatsheet.mdwn 2012/07/25 21:26:34 1.7
+++ wikisrc/users/imil/cheatsheet.mdwn 2012/07/25 21:32:43 1.8
@@ -52,6 +52,21 @@ media 100baseTX up inet6 2001:dead:beef:1::1 prefixlen 64 """]]
+## Very basic pf rules for NAT and firewalling
+
+[[!template id=programlisting text="""
+$ cat /etc/pf.conf
+ext_if="sip0"
+int_if="re0"
+
+nat on $ext_if from !($ext_if) -> ($ext_if:0)
+
+# allow outgoing traffic (S/A is implied)
+pass out on $ext_if
+# block all incoming traffic
+block in log on $ext_if
+"""]]
+
 ## Upgrade the system with binaries [[!template id=programlisting text="""