##############################
# General configuration for pf
##############################
# Identifier this firewall stamps on its state entries; pf uses it to tell
# peers apart when states are exchanged over pfsync.
set hostid 0x02dc9fec
# Bind every state to the interface it was created on, so a packet arriving on
# a different interface cannot match an existing state (stricter than the
# alternative "floating" policy).
set state-policy if-bound
# Upper bound on the total number of addresses held across all tables.
set limit table-entries 400000
# Default state-timeout profile.
set optimization normal
# Hard caps on state-table and source-tracking entries. When the state limit
# is reached, new connections cannot get a state, so state-table usage is
# worth monitoring as a resource-exhaustion signal.
set limit states 812000
set limit src-nodes 812000

##############################
# Aliases used by the firewall
##############################
# System-defined aliases for interfaces
# Each friendly interface name is a macro expanding to one device, followed by
# a table holding the network(s) attached to it and a macro naming that table.
# Macro/table pairing below is by position only; the OPTn table names do not
# repeat the interface names, so confirm the mapping against the interface
# assignment before relying on it.
# "persist" keeps a table loaded even while no rule references it.
loopback = "{ lo0 }"
WAN = "{ lagg0.4090 }"
# NOTE(review): every /32 listed here already falls inside 193.97.129.0/24, so
# the host entries do not widen or narrow what the table matches.
table <WAN__NETWORK> persist { 193.97.129.0/24 193.97.129.12/32 193.97.129.13/32 193.97.129.100/32 193.97.129.119/32 193.97.129.96/32 193.97.129.113/32 193.97.129.114/32 }
WAN__NETWORK = "<WAN__NETWORK>"
LAN = "{ lagg0.4091 }"
table <LAN__NETWORK> persist { 192.168.128.0/18 }
LAN__NETWORK = "<LAN__NETWORK>"
SF10GNET = "{ ix0 }"
table <OPT1__NETWORK> persist { 192.168.3.0/24 }
OPT1__NETWORK = "<OPT1__NETWORK>"
SFIDMZ = "{ lagg0.4080 }"
table <OPT7__NETWORK> persist { 192.168.1.0/24 }
OPT7__NETWORK = "<OPT7__NETWORK>"
SFITMGMNT = "{ lagg0.4081 }"
table <OPT8__NETWORK> persist { 192.168.254.0/24 }
OPT8__NETWORK = "<OPT8__NETWORK>"
SFWLAN = "{ lagg0.4082 }"
table <OPT9__NETWORK> persist { 192.168.2.0/24 }
OPT9__NETWORK = "<OPT9__NETWORK>"
SFEOLSRV = "{ lagg0.4084 }"
table <OPT11__NETWORK> persist { 192.168.4.0/24 }
OPT11__NETWORK = "<OPT11__NETWORK>"
# The two tunnel interfaces below have empty network tables, so a rule that
# matches on <ENC0__NETWORK> or <OPENVPN__NETWORK> matches no address as loaded.
IPsec = "{ enc0 }"
table <ENC0__NETWORK> persist {  }
ENC0__NETWORK = "<ENC0__NETWORK>"
OpenVPN = "{ openvpn }"
table <OPENVPN__NETWORK> persist {  }
OPENVPN__NETWORK = "<OPENVPN__NETWORK>"

# System-defined aliases available to the user
# Bogon prefixes are loaded from a file on disk rather than listed inline.
table <bogons> persist file "/etc/bogons"
bogons = "<bogons>"
# NOTE(review): the next two lines repeat the two above verbatim. The repeat
# is redundant as written; confirm whether the generator meant to declare a
# second, distinct bogon table here (e.g. one for IPv6).
table <bogons> persist file "/etc/bogons"
bogons = "<bogons>"
#SSH Lockout Table
# Declared empty; presumably filled at runtime by the lockout daemon. Verify.
table <sshguard> persist
#Snort tables
# Declared empty and without "persist"; presumably filled at runtime by the
# IDS and by rate-limit rules. Verify against the rules that reference them.
table <snort2c>
table <virusprot>
# Empty port list as loaded.
_nexus_vpn_port_ = "{  }"
# Both tables carry the same single prefix, 10.40.30.0/24.
table <vpn_networks> { 10.40.30.0/24 }
table <negate_networks> { 10.40.30.0/24 }
# Built-in address classes. Each comes as an IPv4 table (suffix 4), an IPv6
# table (suffix 6) and a combined table (suffix 46), each with a same-named macro.
table <_loopback4_> {   127.0.0.0/8 }
_loopback4_ = "<_loopback4_>"
table <_loopback6_> {   ::1/128 }
_loopback6_ = "<_loopback6_>"
table <_loopback46_> {    127.0.0.0/8   ::1/128 }
_loopback46_ = "<_loopback46_>"
table <_linklocal4_> {   169.254.0.0/16 }
_linklocal4_ = "<_linklocal4_>"
table <_linklocal6_> {   fe80::/10 }
_linklocal6_ = "<_linklocal6_>"
table <_linklocal46_> {    169.254.0.0/16   fe80::/10 }
_linklocal46_ = "<_linklocal46_>"
table <_private4_> {   10.0.0.0/8  172.16.0.0/12  192.168.0.0/16 }
_private4_ = "<_private4_>"
table <_private6_> {   fc00::/7 }
_private6_ = "<_private6_>"
table <_private46_> {    10.0.0.0/8  172.16.0.0/12  192.168.0.0/16   fc00::/7 }
_private46_ = "<_private46_>"
table <_multicast4_> {   224.0.0.0/4 }
_multicast4_ = "<_multicast4_>"
table <_multicast6_> {   ff00::/8 }
_multicast6_ = "<_multicast6_>"
table <_multicast46_> {    224.0.0.0/4   ff00::/8 }
_multicast46_ = "<_multicast46_>"
# The reserved tables include the private ranges (10.0.0.0/8, 172.16.0.0/12,
# 192.168.0.0/16), which cover the internal networks declared earlier in this
# file. A block rule on these tables is therefore only appropriate on an
# Internet-facing interface; the rules themselves are not visible in this section.
table <_reserved4_> {   0.0.0.0/8  10.0.0.0/8  100.64.0.0/10  127.0.0.0/8  169.254.0.0/16  172.16.0.0/12  192.0.0.0/24  192.0.2.0/24  192.88.99.0/24  192.168.0.0/16  198.18.0.0/15  198.51.100.0/24  203.0.113.0/24  224.0.0.0/4  240.0.0.0/4  255.255.255.255/32 }
_reserved4_ = "<_reserved4_>"
table <_reserved6_> {   ::1/128  ::/128  ::ffff:0:0/96  64:ff9b::/96  64:ff9b:1::/48  100::/64  2001::/23  2001:2::/48  2001:db8::/32  2002::/16  3fff::/20  5f00::/16  fc00::/7  fe80::/10  ff00::/8 }
_reserved6_ = "<_reserved6_>"
table <_reserved46_> {    0.0.0.0/8  10.0.0.0/8  100.64.0.0/10  127.0.0.0/8  169.254.0.0/16  172.16.0.0/12  192.0.0.0/24  192.0.2.0/24  192.88.99.0/24  192.168.0.0/16  198.18.0.0/15  198.51.100.0/24  203.0.113.0/24  224.0.0.0/4  240.0.0.0/4  255.255.255.255/32   ::1/128  ::/128  ::ffff:0:0/96  64:ff9b::/96  64:ff9b:1::/48  100::/64  2001::/23  2001:2::/48  2001:db8::/32  2002::/16  3fff::/20  5f00::/16  fc00::/7  fe80::/10  ff00::/8 }
_reserved46_ = "<_reserved46_>"
# The entries of <_reserved4_> re-expressed inside the 64:ff9b::/96 NAT64
# prefix: each IPv4 prefix length is shifted by 96 (e.g. 10.0.0.0/8 becomes
# 64:ff9b::a00:0/104).
table <_nat64reserved_> {   64:ff9b::0/104  64:ff9b::a00:0/104  64:ff9b::6440:0/106  64:ff9b::7f00:0/104  64:ff9b::a9fe:0/112  64:ff9b::ac10:0/108  64:ff9b::c000:0/120  64:ff9b::c000:200/120  64:ff9b::c058:6300/120  64:ff9b::c0a8:0/112  64:ff9b::c612:0/111  64:ff9b::c633:6400/120  64:ff9b::cb00:7100/120  64:ff9b::e000:0/100  64:ff9b::f000:0/100  64:ff9b::ffff:ffff/128 }
_nat64reserved_ = "<_nat64reserved_>"

# User-defined aliases
# Two kinds of alias follow: port lists (plain macros) and host lists (a table
# plus a macro naming it). These only name things; which traffic is actually
# permitted depends on the filter rules that reference them, which are not
# part of this section.
# Several names are German: "Drucker" = printers, "und" = and, "Kisten" = boxes.
#
# NOTE(review): AVPorts mixes SSH (22) with ports that by well-known assignment
# belong to LDAP/LDAPS (389, 636), Redis (6379), AMQP (5672) and MongoDB
# (27017). Any rule using this list should pin the destination to <AVSrv> and
# restrict the source, not use it with "any".
AVPorts = "{   22  1344  4369  5672  6150  6379  7074:7077  7081  7083  8080  8443  27017  32002  48652  389  636 }"
table <AVSrv> {   192.168.160.2 }
AVSrv = "<AVSrv>"
BACULA_PORTS = "{   9101  9102  9103 }"
# NOTE(review): 47 is the IP protocol number of GRE, not a TCP/UDP port.
# Confirm the rule using this macro matches on protocol rather than on port.
BarracudaVPNGRE = "{   47 }"
BarracudaVPNTCP = "{   22  25  53  80  443  1723  8000  8443  691  692 }"
BarracudaVPNUDP = "{   53  123  500  4500  691  692 }"
table <Drucker> {   192.168.140.1  192.168.140.3 }
Drucker = "<Drucker>"
DRUCKER_PORTS = "{   631  9100 }"
# Source hosts for management access, judging by the name; verify against the
# rule that uses the table.
table <grpITMgmtAllowed> {   192.168.130.109  192.168.130.111 }
grpITMgmtAllowed = "<grpITMgmtAllowed>"
# Hosts in 10.40.30.0/24, the same prefix held by <vpn_networks> earlier in
# this file.
table <IPATSchmalzAllowedFromSF> {   10.40.30.27  10.40.30.30  10.40.30.31  10.40.30.32  10.40.30.34  10.40.30.50  10.40.30.51 }
IPATSchmalzAllowedFromSF = "<IPATSchmalzAllowedFromSF>"
table <IPiDMZatSFAllowedtoSchmalz> {   192.168.1.161  192.168.1.162 }
IPiDMZatSFAllowedtoSchmalz = "<IPiDMZatSFAllowedtoSchmalz>"
table <ITMgmtSrv> {   192.168.254.111 }
ITMgmtSrv = "<ITMgmtSrv>"
nfsv4_Ports = "{   2049 }"
# 111 is the rpcbind/portmapper port that NFSv3 relies on.
nfs_3und4_Ports = "{   111  624  2049 }"
table <OPSISrv> {   192.168.129.170 }
OPSISrv = "<OPSISrv>"
# Both port lists below pair a web management port with SSH (22).
PBS_PORTS = "{   8007  22 }"
PortsIPsec = "{   500  4500 }"
PROXMOX_PORTS = "{   8006  22 }"
table <Prox_Backup> {   192.168.160.100 }
Prox_Backup = "<Prox_Backup>"
table <prox_itmgmt> {   192.168.254.99 }
prox_itmgmt = "<prox_itmgmt>"
# This host lies outside the 193.97.129.0/24 prefix listed in <WAN__NETWORK>?
# No: 193.97.129.200 is inside it, i.e. this is a publicly addressed host.
table <prox_oedmz_1> {   193.97.129.200 }
prox_oedmz_1 = "<prox_oedmz_1>"
table <qnap> {   192.168.160.201 }
qnap = "<qnap>"
# Same three prefixes as the built-in <_private4_> table, listed in a
# different order.
table <RFC1918> {   192.168.0.0/16  172.16.0.0/12  10.0.0.0/8 }
RFC1918 = "<RFC1918>"
table <SambaSrv> {   192.168.160.1  192.168.160.11 }
SambaSrv = "<SambaSrv>"
SAMBA_PORTS = "{   445  139 }"
table <sfi_bareos> {   192.168.3.112 }
sfi_bareos = "<sfi_bareos>"
table <sfi_nas> {   192.168.160.4 }
sfi_nas = "<sfi_nas>"
# Publicly addressed host (inside 193.97.129.0/24). The name suggests a remote
# desktop server; if so, exposure of that service deserves a tight source
# restriction. Confirm against the rules.
table <sfi_rdpsrv> {   193.97.129.98 }
sfi_rdpsrv = "<sfi_rdpsrv>"
table <sfi_texas> {   192.168.160.5 }
sfi_texas = "<sfi_texas>"
table <sfi_vm> {   192.168.160.18 }
sfi_vm = "<sfi_vm>"
table <sfi_web> {   193.97.129.99 }
sfi_web = "<sfi_web>"
# Hosts in 192.168.1.0/24, the network listed in <OPT7__NETWORK> earlier in
# this file.
table <sf_sprung_CAD_kisten> {   192.168.1.151  192.168.1.158 }
sf_sprung_CAD_kisten = "<sf_sprung_CAD_kisten>"
table <sf_sprung_se_Kisten> {   192.168.1.75  192.168.1.150  192.168.1.154  192.168.1.155  192.168.1.156  192.168.1.157 }
sf_sprung_se_Kisten = "<sf_sprung_se_Kisten>"
table <smaug_wan> {   193.97.129.89 }
smaug_wan = "<smaug_wan>"
table <VaireHW> {   192.168.3.99 }
VaireHW = "<VaireHW>"
table <VLAN_ALL> {   192.168.10.0  192.168.10.1  192.168.10.2  192.168.10.3  192.168.10.4  192.168.10.5  192.168.10.6  192.168.10.7  192.168.10.8  192.168.10.9  192.168.10.10  192.168.10.11  192.168.10.12  192.168.10.13  192.168.10.14  192.168.10.15  192.168.10.16  192.168.10.17  192.168.10.18  192.168.10.19  192.168.10.20  192.168.10.21  192.168.10.22  192.168.10.23  192.168.10.24  192.168.10.25  192.168.10.26  192.168.10.27  192.168.10.28  192.168.10.29  192.168.10.30  192.168.10.31  192.168.10.32  192.168.10.33  192.168.10.34  192.168.10.35  192.168.10.36  192.168.10.37  192.168.10.38  192.168.10.39  192.168.10.40  192.168.10.41  192.168.10.42  192.168.10.43  192.168.10.44  192.168.10.45  192.168.10.46  192.168.10.47  192.168.10.48  192.168.10.49  192.168.10.50  192.168.10.51  192.168.10.52  192.168.10.53  192.168.10.54  192.168.10.55  192.168.10.56  192.168.10.57  192.168.10.58  192.168.10.59  192.168.10.60  192.168.10.61  192.168.10.62  192.168.10.63  192.168.10.64  192.168.10.65  192.168.10.66  192.168.10.67  192.168.10.68  192.168.10.69  192.168.10.70  192.168.10.71  192.168.10.72  192.168.10.73  192.168.10.74  192.168.10.75  192.168.10.76  192.168.10.77  192.168.10.78  192.168.10.79  192.168.10.80  192.168.10.81  192.168.10.82  192.168.10.83  192.168.10.84  192.168.10.85  192.168.10.86  192.168.10.87  192.168.10.88  192.168.10.89  192.168.10.90  192.168.10.91  192.168.10.92  192.168.10.93  192.168.10.94  192.168.10.95  192.168.10.96  192.168.10.97  192.168.10.98  192.168.10.99  192.168.10.100  192.168.10.101  192.168.10.102  192.168.10.103  192.168.10.104  192.168.10.105  192.168.10.106  192.168.10.107  192.168.10.108  192.168.10.109  192.168.10.110  192.168.10.111  192.168.10.112  192.168.10.113  192.168.10.114  192.168.10.115  192.168.10.116  192.168.10.117  192.168.10.118  192.168.10.119  192.168.10.120  192.168.10.121  192.168.10.122  192.168.10.123  192.168.10.124  192.168.10.125  192.168.10.126  192.168.10.127  192.168.10.128  192.168.10.129  
192.168.10.130  192.168.10.131  192.168.10.132  192.168.10.133  192.168.10.134  192.168.10.135  192.168.10.136  192.168.10.137  192.168.10.138  192.168.10.139  192.168.10.140  192.168.10.141  192.168.10.142  192.168.10.143  192.168.10.144  192.168.10.145  192.168.10.146  192.168.10.147  192.168.10.148  192.168.10.149  192.168.10.150  192.168.10.151  192.168.10.152  192.168.10.153  192.168.10.154  192.168.10.155  192.168.10.156  192.168.10.157  192.168.10.158  192.168.10.159  192.168.10.160  192.168.10.161  192.168.10.162  192.168.10.163  192.168.10.164  192.168.10.165  192.168.10.166  192.168.10.167  192.168.10.168  192.168.10.169  192.168.10.170  192.168.10.171  192.168.10.172  192.168.10.173  192.168.10.174  192.168.10.175  192.168.10.176  192.168.10.177  192.168.10.178  192.168.10.179  192.168.10.180  192.168.10.181  192.168.10.182  192.168.10.183  192.168.10.184  192.168.10.185  192.168.10.186  192.168.10.187  192.168.10.188  192.168.10.189  192.168.10.190  192.168.10.191  192.168.10.192  192.168.10.193  192.168.10.194  192.168.10.195  192.168.10.196  192.168.10.197  192.168.10.198  192.168.10.199  192.168.10.200  192.168.10.201  192.168.10.202  192.168.10.203  192.168.10.204  192.168.10.205  192.168.10.206  192.168.10.207  192.168.10.208  192.168.10.209  192.168.10.210  192.168.10.211  192.168.10.212  192.168.10.213  192.168.10.214  192.168.10.215  192.168.10.216  192.168.10.217  192.168.10.218  192.168.10.219  192.168.10.220  192.168.10.221  192.168.10.222  192.168.10.223  192.168.10.224  192.168.10.225  192.168.10.226  192.168.10.227  192.168.10.228  192.168.10.229  192.168.10.230  192.168.10.231  192.168.10.232  192.168.10.233  192.168.10.234  192.168.10.235  192.168.10.236  192.168.10.237  192.168.10.238  192.168.10.239  192.168.10.240  192.168.10.241  192.168.10.242  192.168.10.243  192.168.10.244  192.168.10.245  192.168.10.246  192.168.10.247  192.168.10.248  192.168.10.249  192.168.10.250  192.168.10.251  192.168.10.252  192.168.10.253  192.168.10.254  
192.168.10.255  192.168.20.0  192.168.20.1  192.168.20.2 \
192.168.20.3  192.168.20.4  192.168.20.5  192.168.20.6  192.168.20.7  192.168.20.8  192.168.20.9  192.168.20.10  192.168.20.11  192.168.20.12  192.168.20.13  192.168.20.14  192.168.20.15  192.168.20.16  192.168.20.17  192.168.20.18  192.168.20.19  192.168.20.20  192.168.20.21  192.168.20.22  192.168.20.23  192.168.20.24  192.168.20.25  192.168.20.26  192.168.20.27  192.168.20.28  192.168.20.29  192.168.20.30  192.168.20.31  192.168.20.32  192.168.20.33  192.168.20.34  192.168.20.35  192.168.20.36  192.168.20.37  192.168.20.38  192.168.20.39  192.168.20.40  192.168.20.41  192.168.20.42  192.168.20.43  192.168.20.44  192.168.20.45  192.168.20.46  192.168.20.47  192.168.20.48  192.168.20.49  192.168.20.50  192.168.20.51  192.168.20.52  192.168.20.53  192.168.20.54  192.168.20.55  192.168.20.56  192.168.20.57  192.168.20.58  192.168.20.59  192.168.20.60  192.168.20.61  192.168.20.62  192.168.20.63  192.168.20.64  192.168.20.65  192.168.20.66  192.168.20.67  192.168.20.68  192.168.20.69  192.168.20.70  192.168.20.71  192.168.20.72  192.168.20.73  192.168.20.74  192.168.20.75  192.168.20.76  192.168.20.77  192.168.20.78  192.168.20.79  192.168.20.80  192.168.20.81  192.168.20.82  192.168.20.83  192.168.20.84  192.168.20.85  192.168.20.86  192.168.20.87  192.168.20.88  192.168.20.89  192.168.20.90  192.168.20.91  192.168.20.92  192.168.20.93  192.168.20.94  192.168.20.95  192.168.20.96  192.168.20.97  192.168.20.98  192.168.20.99  192.168.20.100  192.168.20.101  192.168.20.102  192.168.20.103  192.168.20.104  192.168.20.105  192.168.20.106  192.168.20.107  192.168.20.108  192.168.20.109  192.168.20.110  192.168.20.111  192.168.20.112  192.168.20.113  192.168.20.114  192.168.20.115  192.168.20.116  192.168.20.117  192.168.20.118  192.168.20.119  192.168.20.120  192.168.20.121  192.168.20.122  192.168.20.123  192.168.20.124  192.168.20.125  192.168.20.126  192.168.20.127  192.168.20.128  192.168.20.129  192.168.20.130  192.168.20.131  192.168.20.132  192.168.20.133  
192.168.20.134  192.168.20.135  192.168.20.136  192.168.20.137  192.168.20.138  192.168.20.139  192.168.20.140  192.168.20.141  192.168.20.142  192.168.20.143  192.168.20.144  192.168.20.145  192.168.20.146  192.168.20.147  192.168.20.148  192.168.20.149  192.168.20.150  192.168.20.151  192.168.20.152  192.168.20.153  192.168.20.154  192.168.20.155  192.168.20.156  192.168.20.157  192.168.20.158  192.168.20.159  192.168.20.160  192.168.20.161  192.168.20.162  192.168.20.163  192.168.20.164  192.168.20.165  192.168.20.166  192.168.20.167  192.168.20.168  192.168.20.169  192.168.20.170  192.168.20.171  192.168.20.172  192.168.20.173  192.168.20.174  192.168.20.175  192.168.20.176  192.168.20.177  192.168.20.178  192.168.20.179  192.168.20.180  192.168.20.181  192.168.20.182  192.168.20.183  192.168.20.184  192.168.20.185  192.168.20.186  192.168.20.187  192.168.20.188  192.168.20.189  192.168.20.190  192.168.20.191  192.168.20.192  192.168.20.193  192.168.20.194  192.168.20.195  192.168.20.196  192.168.20.197  192.168.20.198  192.168.20.199  192.168.20.200  192.168.20.201  192.168.20.202  192.168.20.203  192.168.20.204  192.168.20.205  192.168.20.206  192.168.20.207  192.168.20.208  192.168.20.209  192.168.20.210  192.168.20.211  192.168.20.212  192.168.20.213  192.168.20.214  192.168.20.215  192.168.20.216  192.168.20.217  192.168.20.218  192.168.20.219  192.168.20.220  192.168.20.221  192.168.20.222  192.168.20.223  192.168.20.224  192.168.20.225  192.168.20.226  192.168.20.227  192.168.20.228  192.168.20.229  192.168.20.230  192.168.20.231  192.168.20.232  192.168.20.233  192.168.20.234  192.168.20.235  192.168.20.236  192.168.20.237  192.168.20.238  192.168.20.239  192.168.20.240  192.168.20.241  192.168.20.242  192.168.20.243  192.168.20.244  192.168.20.245  192.168.20.246  192.168.20.247  192.168.20.248  192.168.20.249  192.168.20.250  192.168.20.251  192.168.20.252  192.168.20.253  192.168.20.254  192.168.20.255  192.168.30.0  192.168.30.1  192.168.30.2  
192.168.30.3  192.168.30.4  192.168.30.5 \
192.168.30.6  192.168.30.7  192.168.30.8  192.168.30.9  192.168.30.10  192.168.30.11  192.168.30.12  192.168.30.13  192.168.30.14  192.168.30.15  192.168.30.16  192.168.30.17  192.168.30.18  192.168.30.19  192.168.30.20  192.168.30.21  192.168.30.22  192.168.30.23  192.168.30.24  192.168.30.25  192.168.30.26  192.168.30.27  192.168.30.28  192.168.30.29  192.168.30.30  192.168.30.31  192.168.30.32  192.168.30.33  192.168.30.34  192.168.30.35  192.168.30.36  192.168.30.37  192.168.30.38  192.168.30.39  192.168.30.40  192.168.30.41  192.168.30.42  192.168.30.43  192.168.30.44  192.168.30.45  192.168.30.46  192.168.30.47  192.168.30.48  192.168.30.49  192.168.30.50  192.168.30.51  192.168.30.52  192.168.30.53  192.168.30.54  192.168.30.55  192.168.30.56  192.168.30.57  192.168.30.58  192.168.30.59  192.168.30.60  192.168.30.61  192.168.30.62  192.168.30.63  192.168.30.64  192.168.30.65  192.168.30.66  192.168.30.67  192.168.30.68  192.168.30.69  192.168.30.70  192.168.30.71  192.168.30.72  192.168.30.73  192.168.30.74  192.168.30.75  192.168.30.76  192.168.30.77  192.168.30.78  192.168.30.79  192.168.30.80  192.168.30.81  192.168.30.82  192.168.30.83  192.168.30.84  192.168.30.85  192.168.30.86  192.168.30.87  192.168.30.88  192.168.30.89  192.168.30.90  192.168.30.91  192.168.30.92  192.168.30.93  192.168.30.94  192.168.30.95  192.168.30.96  192.168.30.97  192.168.30.98  192.168.30.99  192.168.30.100  192.168.30.101  192.168.30.102  192.168.30.103  192.168.30.104  192.168.30.105  192.168.30.106  192.168.30.107  192.168.30.108  192.168.30.109  192.168.30.110  192.168.30.111  192.168.30.112  192.168.30.113  192.168.30.114  192.168.30.115  192.168.30.116  192.168.30.117  192.168.30.118  192.168.30.119  192.168.30.120  192.168.30.121  192.168.30.122  192.168.30.123  192.168.30.124  192.168.30.125  192.168.30.126  192.168.30.127  192.168.30.128  192.168.30.129  192.168.30.130  192.168.30.131  192.168.30.132  192.168.30.133  192.168.30.134  192.168.30.135  192.168.30.136  
192.168.30.137  192.168.30.138  192.168.30.139  192.168.30.140  192.168.30.141  192.168.30.142  192.168.30.143  192.168.30.144  192.168.30.145  192.168.30.146  192.168.30.147  192.168.30.148  192.168.30.149  192.168.30.150  192.168.30.151  192.168.30.152  192.168.30.153  192.168.30.154  192.168.30.155  192.168.30.156  192.168.30.157  192.168.30.158  192.168.30.159  192.168.30.160  192.168.30.161  192.168.30.162  192.168.30.163  192.168.30.164  192.168.30.165  192.168.30.166  192.168.30.167  192.168.30.168  192.168.30.169  192.168.30.170  192.168.30.171  192.168.30.172  192.168.30.173  192.168.30.174  192.168.30.175  192.168.30.176  192.168.30.177  192.168.30.178  192.168.30.179  192.168.30.180  192.168.30.181  192.168.30.182  192.168.30.183  192.168.30.184  192.168.30.185  192.168.30.186  192.168.30.187  192.168.30.188  192.168.30.189  192.168.30.190  192.168.30.191  192.168.30.192  192.168.30.193  192.168.30.194  192.168.30.195  192.168.30.196  192.168.30.197  192.168.30.198  192.168.30.199  192.168.30.200  192.168.30.201  192.168.30.202  192.168.30.203  192.168.30.204  192.168.30.205  192.168.30.206  192.168.30.207  192.168.30.208  192.168.30.209  192.168.30.210  192.168.30.211  192.168.30.212  192.168.30.213  192.168.30.214  192.168.30.215  192.168.30.216  192.168.30.217  192.168.30.218  192.168.30.219  192.168.30.220  192.168.30.221  192.168.30.222  192.168.30.223  192.168.30.224  192.168.30.225  192.168.30.226  192.168.30.227  192.168.30.228  192.168.30.229  192.168.30.230  192.168.30.231  192.168.30.232  192.168.30.233  192.168.30.234  192.168.30.235  192.168.30.236  192.168.30.237  192.168.30.238  192.168.30.239  192.168.30.240  192.168.30.241  192.168.30.242  192.168.30.243  192.168.30.244  192.168.30.245  192.168.30.246  192.168.30.247  192.168.30.248  192.168.30.249  192.168.30.250  192.168.30.251  192.168.30.252  192.168.30.253  192.168.30.254  192.168.30.255  192.168.40.0  192.168.40.1  192.168.40.2  192.168.40.3  192.168.40.4  192.168.40.5  
192.168.40.6  192.168.40.7  192.168.40.8 \
192.168.40.9  192.168.40.10  192.168.40.11  192.168.40.12  192.168.40.13  192.168.40.14  192.168.40.15  192.168.40.16  192.168.40.17  192.168.40.18  192.168.40.19  192.168.40.20  192.168.40.21  192.168.40.22  192.168.40.23  192.168.40.24  192.168.40.25  192.168.40.26  192.168.40.27  192.168.40.28  192.168.40.29  192.168.40.30  192.168.40.31  192.168.40.32  192.168.40.33  192.168.40.34  192.168.40.35  192.168.40.36  192.168.40.37  192.168.40.38  192.168.40.39  192.168.40.40  192.168.40.41  192.168.40.42  192.168.40.43  192.168.40.44  192.168.40.45  192.168.40.46  192.168.40.47  192.168.40.48  192.168.40.49  192.168.40.50  192.168.40.51  192.168.40.52  192.168.40.53  192.168.40.54  192.168.40.55  192.168.40.56  192.168.40.57  192.168.40.58  192.168.40.59  192.168.40.60  192.168.40.61  192.168.40.62  192.168.40.63  192.168.40.64  192.168.40.65  192.168.40.66  192.168.40.67  192.168.40.68  192.168.40.69  192.168.40.70  192.168.40.71  192.168.40.72  192.168.40.73  192.168.40.74  192.168.40.75  192.168.40.76  192.168.40.77  192.168.40.78  192.168.40.79  192.168.40.80  192.168.40.81  192.168.40.82  192.168.40.83  192.168.40.84  192.168.40.85  192.168.40.86  192.168.40.87  192.168.40.88  192.168.40.89  192.168.40.90  192.168.40.91  192.168.40.92  192.168.40.93  192.168.40.94  192.168.40.95  192.168.40.96  192.168.40.97  192.168.40.98  192.168.40.99  192.168.40.100  192.168.40.101  192.168.40.102  192.168.40.103  192.168.40.104  192.168.40.105  192.168.40.106  192.168.40.107  192.168.40.108  192.168.40.109  192.168.40.110  192.168.40.111  192.168.40.112  192.168.40.113  192.168.40.114  192.168.40.115  192.168.40.116  192.168.40.117  192.168.40.118  192.168.40.119  192.168.40.120  192.168.40.121  192.168.40.122  192.168.40.123  192.168.40.124  192.168.40.125  192.168.40.126  192.168.40.127  192.168.40.128  192.168.40.129  192.168.40.130  192.168.40.131  192.168.40.132  192.168.40.133  192.168.40.134  192.168.40.135  192.168.40.136  192.168.40.137  192.168.40.138  
192.168.40.139  192.168.40.140  192.168.40.141  192.168.40.142  192.168.40.143  192.168.40.144  192.168.40.145  192.168.40.146  192.168.40.147  192.168.40.148  192.168.40.149  192.168.40.150  192.168.40.151  192.168.40.152  192.168.40.153  192.168.40.154  192.168.40.155  192.168.40.156  192.168.40.157  192.168.40.158  192.168.40.159  192.168.40.160  192.168.40.161  192.168.40.162  192.168.40.163  192.168.40.164  192.168.40.165  192.168.40.166  192.168.40.167  192.168.40.168  192.168.40.169  192.168.40.170  192.168.40.171  192.168.40.172  192.168.40.173  192.168.40.174  192.168.40.175  192.168.40.176  192.168.40.177  192.168.40.178  192.168.40.179  192.168.40.180  192.168.40.181  192.168.40.182  192.168.40.183  192.168.40.184  192.168.40.185  192.168.40.186  192.168.40.187  192.168.40.188  192.168.40.189  192.168.40.190  192.168.40.191  192.168.40.192  192.168.40.193  192.168.40.194  192.168.40.195  192.168.40.196  192.168.40.197  192.168.40.198  192.168.40.199  192.168.40.200  192.168.40.201  192.168.40.202  192.168.40.203  192.168.40.204  192.168.40.205  192.168.40.206  192.168.40.207  192.168.40.208  192.168.40.209  192.168.40.210  192.168.40.211  192.168.40.212  192.168.40.213  192.168.40.214  192.168.40.215  192.168.40.216  192.168.40.217  192.168.40.218  192.168.40.219  192.168.40.220  192.168.40.221  192.168.40.222  192.168.40.223  192.168.40.224  192.168.40.225  192.168.40.226  192.168.40.227  192.168.40.228  192.168.40.229  192.168.40.230  192.168.40.231  192.168.40.232  192.168.40.233  192.168.40.234  192.168.40.235  192.168.40.236  192.168.40.237  192.168.40.238  192.168.40.239  192.168.40.240  192.168.40.241  192.168.40.242  192.168.40.243  192.168.40.244  192.168.40.245  192.168.40.246  192.168.40.247  192.168.40.248  192.168.40.249  192.168.40.250  192.168.40.251  192.168.40.252  192.168.40.253  192.168.40.254  192.168.40.255  192.168.50.0  192.168.50.1  192.168.50.2  192.168.50.3  192.168.50.4  192.168.50.5  192.168.50.6  192.168.50.7  192.168.50.8  
192.168.50.9  192.168.50.10  192.168.50.11 \
192.168.50.12  192.168.50.13  192.168.50.14  192.168.50.15  192.168.50.16  192.168.50.17  192.168.50.18  192.168.50.19  192.168.50.20  192.168.50.21  192.168.50.22  192.168.50.23  192.168.50.24  192.168.50.25  192.168.50.26  192.168.50.27  192.168.50.28  192.168.50.29  192.168.50.30  192.168.50.31  192.168.50.32  192.168.50.33  192.168.50.34  192.168.50.35  192.168.50.36  192.168.50.37  192.168.50.38  192.168.50.39  192.168.50.40  192.168.50.41  192.168.50.42  192.168.50.43  192.168.50.44  192.168.50.45  192.168.50.46  192.168.50.47  192.168.50.48  192.168.50.49  192.168.50.50  192.168.50.51  192.168.50.52  192.168.50.53  192.168.50.54  192.168.50.55  192.168.50.56  192.168.50.57  192.168.50.58  192.168.50.59  192.168.50.60  192.168.50.61  192.168.50.62  192.168.50.63  192.168.50.64  192.168.50.65  192.168.50.66  192.168.50.67  192.168.50.68  192.168.50.69  192.168.50.70  192.168.50.71  192.168.50.72  192.168.50.73  192.168.50.74  192.168.50.75  192.168.50.76  192.168.50.77  192.168.50.78  192.168.50.79  192.168.50.80  192.168.50.81  192.168.50.82  192.168.50.83  192.168.50.84  192.168.50.85  192.168.50.86  192.168.50.87  192.168.50.88  192.168.50.89  192.168.50.90  192.168.50.91  192.168.50.92  192.168.50.93  192.168.50.94  192.168.50.95  192.168.50.96  192.168.50.97  192.168.50.98  192.168.50.99  192.168.50.100  192.168.50.101  192.168.50.102  192.168.50.103  192.168.50.104  192.168.50.105  192.168.50.106  192.168.50.107  192.168.50.108  192.168.50.109  192.168.50.110  192.168.50.111  192.168.50.112  192.168.50.113  192.168.50.114  192.168.50.115  192.168.50.116  192.168.50.117  192.168.50.118  192.168.50.119  192.168.50.120  192.168.50.121  192.168.50.122  192.168.50.123  192.168.50.124  192.168.50.125  192.168.50.126  192.168.50.127  192.168.50.128  192.168.50.129  192.168.50.130  192.168.50.131  192.168.50.132  192.168.50.133  192.168.50.134  192.168.50.135  192.168.50.136  192.168.50.137  192.168.50.138  192.168.50.139  192.168.50.140  192.168.50.141  
192.168.50.142  192.168.50.143  192.168.50.144  192.168.50.145  192.168.50.146  192.168.50.147  192.168.50.148  192.168.50.149  192.168.50.150  192.168.50.151  192.168.50.152  192.168.50.153  192.168.50.154  192.168.50.155  192.168.50.156  192.168.50.157  192.168.50.158  192.168.50.159  192.168.50.160  192.168.50.161  192.168.50.162  192.168.50.163  192.168.50.164  192.168.50.165  192.168.50.166  192.168.50.167  192.168.50.168  192.168.50.169  192.168.50.170  192.168.50.171  192.168.50.172  192.168.50.173  192.168.50.174  192.168.50.175  192.168.50.176  192.168.50.177  192.168.50.178  192.168.50.179  192.168.50.180  192.168.50.181  192.168.50.182  192.168.50.183  192.168.50.184  192.168.50.185  192.168.50.186  192.168.50.187  192.168.50.188  192.168.50.189  192.168.50.190  192.168.50.191  192.168.50.192  192.168.50.193  192.168.50.194  192.168.50.195  192.168.50.196  192.168.50.197  192.168.50.198  192.168.50.199  192.168.50.200  192.168.50.201  192.168.50.202  192.168.50.203  192.168.50.204  192.168.50.205  192.168.50.206  192.168.50.207  192.168.50.208  192.168.50.209  192.168.50.210  192.168.50.211  192.168.50.212  192.168.50.213  192.168.50.214  192.168.50.215  192.168.50.216  192.168.50.217  192.168.50.218  192.168.50.219  192.168.50.220  192.168.50.221  192.168.50.222  192.168.50.223  192.168.50.224  192.168.50.225  192.168.50.226  192.168.50.227  192.168.50.228  192.168.50.229  192.168.50.230  192.168.50.231  192.168.50.232  192.168.50.233  192.168.50.234  192.168.50.235  192.168.50.236  192.168.50.237  192.168.50.238  192.168.50.239  192.168.50.240  192.168.50.241  192.168.50.242  192.168.50.243  192.168.50.244  192.168.50.245  192.168.50.246  192.168.50.247  192.168.50.248  192.168.50.249  192.168.50.250  192.168.50.251  192.168.50.252  192.168.50.253  192.168.50.254  192.168.50.255  192.168.60.0  192.168.60.1  192.168.60.2  192.168.60.3  192.168.60.4  192.168.60.5  192.168.60.6  192.168.60.7  192.168.60.8  192.168.60.9  192.168.60.10  192.168.60.11  
192.168.60.12  192.168.60.13  192.168.60.14 \
192.168.60.15  192.168.60.16  192.168.60.17  192.168.60.18  192.168.60.19  192.168.60.20  192.168.60.21  192.168.60.22  192.168.60.23  192.168.60.24  192.168.60.25  192.168.60.26  192.168.60.27  192.168.60.28  192.168.60.29  192.168.60.30  192.168.60.31  192.168.60.32  192.168.60.33  192.168.60.34  192.168.60.35  192.168.60.36  192.168.60.37  192.168.60.38  192.168.60.39  192.168.60.40  192.168.60.41  192.168.60.42  192.168.60.43  192.168.60.44  192.168.60.45  192.168.60.46  192.168.60.47  192.168.60.48  192.168.60.49  192.168.60.50  192.168.60.51  192.168.60.52  192.168.60.53  192.168.60.54  192.168.60.55  192.168.60.56  192.168.60.57  192.168.60.58  192.168.60.59  192.168.60.60  192.168.60.61  192.168.60.62  192.168.60.63  192.168.60.64  192.168.60.65  192.168.60.66  192.168.60.67  192.168.60.68  192.168.60.69  192.168.60.70  192.168.60.71  192.168.60.72  192.168.60.73  192.168.60.74  192.168.60.75  192.168.60.76  192.168.60.77  192.168.60.78  192.168.60.79  192.168.60.80  192.168.60.81  192.168.60.82  192.168.60.83  192.168.60.84  192.168.60.85  192.168.60.86  192.168.60.87  192.168.60.88  192.168.60.89  192.168.60.90  192.168.60.91  192.168.60.92  192.168.60.93  192.168.60.94  192.168.60.95  192.168.60.96  192.168.60.97  192.168.60.98  192.168.60.99  192.168.60.100  192.168.60.101  192.168.60.102  192.168.60.103  192.168.60.104  192.168.60.105  192.168.60.106  192.168.60.107  192.168.60.108  192.168.60.109  192.168.60.110  192.168.60.111  192.168.60.112  192.168.60.113  192.168.60.114  192.168.60.115  192.168.60.116  192.168.60.117  192.168.60.118  192.168.60.119  192.168.60.120  192.168.60.121  192.168.60.122  192.168.60.123  192.168.60.124  192.168.60.125  192.168.60.126  192.168.60.127  192.168.60.128  192.168.60.129  192.168.60.130  192.168.60.131  192.168.60.132  192.168.60.133  192.168.60.134  192.168.60.135  192.168.60.136  192.168.60.137  192.168.60.138  192.168.60.139  192.168.60.140  192.168.60.141  192.168.60.142  192.168.60.143  192.168.60.144  
192.168.60.145  192.168.60.146  192.168.60.147  192.168.60.148  192.168.60.149  192.168.60.150  192.168.60.151  192.168.60.152  192.168.60.153  192.168.60.154  192.168.60.155  192.168.60.156  192.168.60.157  192.168.60.158  192.168.60.159  192.168.60.160  192.168.60.161  192.168.60.162  192.168.60.163  192.168.60.164  192.168.60.165  192.168.60.166  192.168.60.167  192.168.60.168  192.168.60.169  192.168.60.170  192.168.60.171  192.168.60.172  192.168.60.173  192.168.60.174  192.168.60.175  192.168.60.176  192.168.60.177  192.168.60.178  192.168.60.179  192.168.60.180  192.168.60.181  192.168.60.182  192.168.60.183  192.168.60.184  192.168.60.185  192.168.60.186  192.168.60.187  192.168.60.188  192.168.60.189  192.168.60.190  192.168.60.191  192.168.60.192  192.168.60.193  192.168.60.194  192.168.60.195  192.168.60.196  192.168.60.197  192.168.60.198  192.168.60.199  192.168.60.200  192.168.60.201  192.168.60.202  192.168.60.203  192.168.60.204  192.168.60.205  192.168.60.206  192.168.60.207  192.168.60.208  192.168.60.209  192.168.60.210  192.168.60.211  192.168.60.212  192.168.60.213  192.168.60.214  192.168.60.215  192.168.60.216  192.168.60.217  192.168.60.218  192.168.60.219  192.168.60.220  192.168.60.221  192.168.60.222  192.168.60.223  192.168.60.224  192.168.60.225  192.168.60.226  192.168.60.227  192.168.60.228  192.168.60.229  192.168.60.230  192.168.60.231  192.168.60.232  192.168.60.233  192.168.60.234  192.168.60.235  192.168.60.236  192.168.60.237  192.168.60.238  192.168.60.239  192.168.60.240  192.168.60.241  192.168.60.242  192.168.60.243  192.168.60.244  192.168.60.245  192.168.60.246  192.168.60.247  192.168.60.248  192.168.60.249  192.168.60.250  192.168.60.251  192.168.60.252  192.168.60.253  192.168.60.254  192.168.60.255  192.168.70.0  192.168.70.1  192.168.70.2  192.168.70.3  192.168.70.4  192.168.70.5  192.168.70.6  192.168.70.7  192.168.70.8  192.168.70.9  192.168.70.10  192.168.70.11  192.168.70.12  192.168.70.13  192.168.70.14  
192.168.70.15  192.168.70.16  192.168.70.17 \
192.168.70.18  192.168.70.19  192.168.70.20  192.168.70.21  192.168.70.22  192.168.70.23  192.168.70.24  192.168.70.25  192.168.70.26  192.168.70.27  192.168.70.28  192.168.70.29  192.168.70.30  192.168.70.31  192.168.70.32  192.168.70.33  192.168.70.34  192.168.70.35  192.168.70.36  192.168.70.37  192.168.70.38  192.168.70.39  192.168.70.40  192.168.70.41  192.168.70.42  192.168.70.43  192.168.70.44  192.168.70.45  192.168.70.46  192.168.70.47  192.168.70.48  192.168.70.49  192.168.70.50  192.168.70.51  192.168.70.52  192.168.70.53  192.168.70.54  192.168.70.55  192.168.70.56  192.168.70.57  192.168.70.58  192.168.70.59  192.168.70.60  192.168.70.61  192.168.70.62  192.168.70.63  192.168.70.64  192.168.70.65  192.168.70.66  192.168.70.67  192.168.70.68  192.168.70.69  192.168.70.70  192.168.70.71  192.168.70.72  192.168.70.73  192.168.70.74  192.168.70.75  192.168.70.76  192.168.70.77  192.168.70.78  192.168.70.79  192.168.70.80  192.168.70.81  192.168.70.82  192.168.70.83  192.168.70.84  192.168.70.85  192.168.70.86  192.168.70.87  192.168.70.88  192.168.70.89  192.168.70.90  192.168.70.91  192.168.70.92  192.168.70.93  192.168.70.94  192.168.70.95  192.168.70.96  192.168.70.97  192.168.70.98  192.168.70.99  192.168.70.100  192.168.70.101  192.168.70.102  192.168.70.103  192.168.70.104  192.168.70.105  192.168.70.106  192.168.70.107  192.168.70.108  192.168.70.109  192.168.70.110  192.168.70.111  192.168.70.112  192.168.70.113  192.168.70.114  192.168.70.115  192.168.70.116  192.168.70.117  192.168.70.118  192.168.70.119  192.168.70.120  192.168.70.121  192.168.70.122  192.168.70.123  192.168.70.124  192.168.70.125  192.168.70.126  192.168.70.127  192.168.70.128  192.168.70.129  192.168.70.130  192.168.70.131  192.168.70.132  192.168.70.133  192.168.70.134  192.168.70.135  192.168.70.136  192.168.70.137  192.168.70.138  192.168.70.139  192.168.70.140  192.168.70.141  192.168.70.142  192.168.70.143  192.168.70.144  192.168.70.145  192.168.70.146  192.168.70.147  
192.168.70.148  192.168.70.149  192.168.70.150  192.168.70.151  192.168.70.152  192.168.70.153  192.168.70.154  192.168.70.155  192.168.70.156  192.168.70.157  192.168.70.158  192.168.70.159  192.168.70.160  192.168.70.161  192.168.70.162  192.168.70.163  192.168.70.164  192.168.70.165  192.168.70.166  192.168.70.167  192.168.70.168  192.168.70.169  192.168.70.170  192.168.70.171  192.168.70.172  192.168.70.173  192.168.70.174  192.168.70.175  192.168.70.176  192.168.70.177  192.168.70.178  192.168.70.179  192.168.70.180  192.168.70.181  192.168.70.182  192.168.70.183  192.168.70.184  192.168.70.185  192.168.70.186  192.168.70.187  192.168.70.188  192.168.70.189  192.168.70.190  192.168.70.191  192.168.70.192  192.168.70.193  192.168.70.194  192.168.70.195  192.168.70.196  192.168.70.197  192.168.70.198  192.168.70.199  192.168.70.200  192.168.70.201  192.168.70.202  192.168.70.203  192.168.70.204  192.168.70.205  192.168.70.206  192.168.70.207  192.168.70.208  192.168.70.209  192.168.70.210  192.168.70.211  192.168.70.212  192.168.70.213  192.168.70.214  192.168.70.215  192.168.70.216  192.168.70.217  192.168.70.218  192.168.70.219  192.168.70.220  192.168.70.221  192.168.70.222  192.168.70.223  192.168.70.224  192.168.70.225  192.168.70.226  192.168.70.227  192.168.70.228  192.168.70.229  192.168.70.230  192.168.70.231  192.168.70.232  192.168.70.233  192.168.70.234  192.168.70.235  192.168.70.236  192.168.70.237  192.168.70.238  192.168.70.239  192.168.70.240  192.168.70.241  192.168.70.242  192.168.70.243  192.168.70.244  192.168.70.245  192.168.70.246  192.168.70.247  192.168.70.248  192.168.70.249  192.168.70.250  192.168.70.251  192.168.70.252  192.168.70.253  192.168.70.254  192.168.70.255  192.168.80.0  192.168.80.1  192.168.80.2  192.168.80.3  192.168.80.4  192.168.80.5  192.168.80.6  192.168.80.7  192.168.80.8  192.168.80.9  192.168.80.10  192.168.80.11  192.168.80.12  192.168.80.13  192.168.80.14  192.168.80.15  192.168.80.16  192.168.80.17  
192.168.80.18  192.168.80.19  192.168.80.20 \
192.168.80.21  192.168.80.22  192.168.80.23  192.168.80.24  192.168.80.25  192.168.80.26  192.168.80.27  192.168.80.28  192.168.80.29  192.168.80.30  192.168.80.31  192.168.80.32  192.168.80.33  192.168.80.34  192.168.80.35  192.168.80.36  192.168.80.37  192.168.80.38  192.168.80.39  192.168.80.40  192.168.80.41  192.168.80.42  192.168.80.43  192.168.80.44  192.168.80.45  192.168.80.46  192.168.80.47  192.168.80.48  192.168.80.49  192.168.80.50  192.168.80.51  192.168.80.52  192.168.80.53  192.168.80.54  192.168.80.55  192.168.80.56  192.168.80.57  192.168.80.58  192.168.80.59  192.168.80.60  192.168.80.61  192.168.80.62  192.168.80.63  192.168.80.64  192.168.80.65  192.168.80.66  192.168.80.67  192.168.80.68  192.168.80.69  192.168.80.70  192.168.80.71  192.168.80.72  192.168.80.73  192.168.80.74  192.168.80.75  192.168.80.76  192.168.80.77  192.168.80.78  192.168.80.79  192.168.80.80  192.168.80.81  192.168.80.82  192.168.80.83  192.168.80.84  192.168.80.85  192.168.80.86  192.168.80.87  192.168.80.88  192.168.80.89  192.168.80.90  192.168.80.91  192.168.80.92  192.168.80.93  192.168.80.94  192.168.80.95  192.168.80.96  192.168.80.97  192.168.80.98  192.168.80.99  192.168.80.100  192.168.80.101  192.168.80.102  192.168.80.103  192.168.80.104  192.168.80.105  192.168.80.106  192.168.80.107  192.168.80.108  192.168.80.109  192.168.80.110  192.168.80.111  192.168.80.112  192.168.80.113  192.168.80.114  192.168.80.115  192.168.80.116  192.168.80.117  192.168.80.118  192.168.80.119  192.168.80.120  192.168.80.121  192.168.80.122  192.168.80.123  192.168.80.124  192.168.80.125  192.168.80.126  192.168.80.127  192.168.80.128  192.168.80.129  192.168.80.130  192.168.80.131  192.168.80.132  192.168.80.133  192.168.80.134  192.168.80.135  192.168.80.136  192.168.80.137  192.168.80.138  192.168.80.139  192.168.80.140  192.168.80.141  192.168.80.142  192.168.80.143  192.168.80.144  192.168.80.145  192.168.80.146  192.168.80.147  192.168.80.148  192.168.80.149  192.168.80.150 
 192.168.80.151  192.168.80.152  192.168.80.153  192.168.80.154  192.168.80.155  192.168.80.156  192.168.80.157  192.168.80.158  192.168.80.159  192.168.80.160  192.168.80.161  192.168.80.162  192.168.80.163  192.168.80.164  192.168.80.165  192.168.80.166  192.168.80.167  192.168.80.168  192.168.80.169  192.168.80.170  192.168.80.171  192.168.80.172  192.168.80.173  192.168.80.174  192.168.80.175  192.168.80.176  192.168.80.177  192.168.80.178  192.168.80.179  192.168.80.180  192.168.80.181  192.168.80.182  192.168.80.183  192.168.80.184  192.168.80.185  192.168.80.186  192.168.80.187  192.168.80.188  192.168.80.189  192.168.80.190  192.168.80.191  192.168.80.192  192.168.80.193  192.168.80.194  192.168.80.195  192.168.80.196  192.168.80.197  192.168.80.198  192.168.80.199  192.168.80.200  192.168.80.201  192.168.80.202  192.168.80.203  192.168.80.204  192.168.80.205  192.168.80.206  192.168.80.207  192.168.80.208  192.168.80.209  192.168.80.210  192.168.80.211  192.168.80.212  192.168.80.213  192.168.80.214  192.168.80.215  192.168.80.216  192.168.80.217  192.168.80.218  192.168.80.219  192.168.80.220  192.168.80.221  192.168.80.222  192.168.80.223  192.168.80.224  192.168.80.225  192.168.80.226  192.168.80.227  192.168.80.228  192.168.80.229  192.168.80.230  192.168.80.231  192.168.80.232  192.168.80.233  192.168.80.234  192.168.80.235  192.168.80.236  192.168.80.237  192.168.80.238  192.168.80.239  192.168.80.240  192.168.80.241  192.168.80.242  192.168.80.243  192.168.80.244  192.168.80.245  192.168.80.246  192.168.80.247  192.168.80.248  192.168.80.249  192.168.80.250  192.168.80.251  192.168.80.252  192.168.80.253  192.168.80.254  192.168.80.255  192.168.90.0  192.168.90.1  192.168.90.2  192.168.90.3  192.168.90.4  192.168.90.5  192.168.90.6  192.168.90.7  192.168.90.8  192.168.90.9  192.168.90.10  192.168.90.11  192.168.90.12  192.168.90.13  192.168.90.14  192.168.90.15  192.168.90.16  192.168.90.17  192.168.90.18  192.168.90.19  192.168.90.20  192.168.90.21 
 192.168.90.22  192.168.90.23 \
192.168.90.24  192.168.90.25  192.168.90.26  192.168.90.27  192.168.90.28  192.168.90.29  192.168.90.30  192.168.90.31  192.168.90.32  192.168.90.33  192.168.90.34  192.168.90.35  192.168.90.36  192.168.90.37  192.168.90.38  192.168.90.39  192.168.90.40  192.168.90.41  192.168.90.42  192.168.90.43  192.168.90.44  192.168.90.45  192.168.90.46  192.168.90.47  192.168.90.48  192.168.90.49  192.168.90.50  192.168.90.51  192.168.90.52  192.168.90.53  192.168.90.54  192.168.90.55  192.168.90.56  192.168.90.57  192.168.90.58  192.168.90.59  192.168.90.60  192.168.90.61  192.168.90.62  192.168.90.63  192.168.90.64  192.168.90.65  192.168.90.66  192.168.90.67  192.168.90.68  192.168.90.69  192.168.90.70  192.168.90.71  192.168.90.72  192.168.90.73  192.168.90.74  192.168.90.75  192.168.90.76  192.168.90.77  192.168.90.78  192.168.90.79  192.168.90.80  192.168.90.81  192.168.90.82  192.168.90.83  192.168.90.84  192.168.90.85  192.168.90.86  192.168.90.87  192.168.90.88  192.168.90.89  192.168.90.90  192.168.90.91  192.168.90.92  192.168.90.93  192.168.90.94  192.168.90.95  192.168.90.96  192.168.90.97  192.168.90.98  192.168.90.99  192.168.90.100  192.168.90.101  192.168.90.102  192.168.90.103  192.168.90.104  192.168.90.105  192.168.90.106  192.168.90.107  192.168.90.108  192.168.90.109  192.168.90.110  192.168.90.111  192.168.90.112  192.168.90.113  192.168.90.114  192.168.90.115  192.168.90.116  192.168.90.117  192.168.90.118  192.168.90.119  192.168.90.120  192.168.90.121  192.168.90.122  192.168.90.123  192.168.90.124  192.168.90.125  192.168.90.126  192.168.90.127  192.168.90.128  192.168.90.129  192.168.90.130  192.168.90.131  192.168.90.132  192.168.90.133  192.168.90.134  192.168.90.135  192.168.90.136  192.168.90.137  192.168.90.138  192.168.90.139  192.168.90.140  192.168.90.141  192.168.90.142  192.168.90.143  192.168.90.144  192.168.90.145  192.168.90.146  192.168.90.147  192.168.90.148  192.168.90.149  192.168.90.150  192.168.90.151  192.168.90.152  
192.168.90.153  192.168.90.154  192.168.90.155  192.168.90.156  192.168.90.157  192.168.90.158  192.168.90.159  192.168.90.160  192.168.90.161  192.168.90.162  192.168.90.163  192.168.90.164  192.168.90.165  192.168.90.166  192.168.90.167  192.168.90.168  192.168.90.169  192.168.90.170  192.168.90.171  192.168.90.172  192.168.90.173  192.168.90.174  192.168.90.175  192.168.90.176  192.168.90.177  192.168.90.178  192.168.90.179  192.168.90.180  192.168.90.181  192.168.90.182  192.168.90.183  192.168.90.184  192.168.90.185  192.168.90.186  192.168.90.187  192.168.90.188  192.168.90.189  192.168.90.190  192.168.90.191  192.168.90.192  192.168.90.193  192.168.90.194  192.168.90.195  192.168.90.196  192.168.90.197  192.168.90.198  192.168.90.199  192.168.90.200  192.168.90.201  192.168.90.202  192.168.90.203  192.168.90.204  192.168.90.205  192.168.90.206  192.168.90.207  192.168.90.208  192.168.90.209  192.168.90.210  192.168.90.211  192.168.90.212  192.168.90.213  192.168.90.214  192.168.90.215  192.168.90.216  192.168.90.217  192.168.90.218  192.168.90.219  192.168.90.220  192.168.90.221  192.168.90.222  192.168.90.223  192.168.90.224  192.168.90.225  192.168.90.226  192.168.90.227  192.168.90.228  192.168.90.229  192.168.90.230  192.168.90.231  192.168.90.232  192.168.90.233  192.168.90.234  192.168.90.235  192.168.90.236  192.168.90.237  192.168.90.238  192.168.90.239  192.168.90.240  192.168.90.241  192.168.90.242  192.168.90.243  192.168.90.244  192.168.90.245  192.168.90.246  192.168.90.247  192.168.90.248  192.168.90.249  192.168.90.250  192.168.90.251  192.168.90.252  192.168.90.253  192.168.90.254  192.168.90.255  192.168.100.0  192.168.100.1  192.168.100.2  192.168.100.3  192.168.100.4  192.168.100.5  192.168.100.6  192.168.100.7  192.168.100.8  192.168.100.9  192.168.100.10  192.168.100.11  192.168.100.12  192.168.100.13  192.168.100.14  192.168.100.15  192.168.100.16  192.168.100.17  192.168.100.18  192.168.100.19  192.168.100.20  192.168.100.21  
192.168.100.22  192.168.100.23  192.168.100.24 \
192.168.100.25  192.168.100.26  192.168.100.27  192.168.100.28  192.168.100.29  192.168.100.30  192.168.100.31  192.168.100.32  192.168.100.33  192.168.100.34  192.168.100.35  192.168.100.36  192.168.100.37  192.168.100.38  192.168.100.39  192.168.100.40  192.168.100.41  192.168.100.42  192.168.100.43  192.168.100.44  192.168.100.45  192.168.100.46  192.168.100.47  192.168.100.48  192.168.100.49  192.168.100.50  192.168.100.51  192.168.100.52  192.168.100.53  192.168.100.54  192.168.100.55  192.168.100.56  192.168.100.57  192.168.100.58  192.168.100.59  192.168.100.60  192.168.100.61  192.168.100.62  192.168.100.63  192.168.100.64  192.168.100.65  192.168.100.66  192.168.100.67  192.168.100.68  192.168.100.69  192.168.100.70  192.168.100.71  192.168.100.72  192.168.100.73  192.168.100.74  192.168.100.75  192.168.100.76  192.168.100.77  192.168.100.78  192.168.100.79  192.168.100.80  192.168.100.81  192.168.100.82  192.168.100.83  192.168.100.84  192.168.100.85  192.168.100.86  192.168.100.87  192.168.100.88  192.168.100.89  192.168.100.90  192.168.100.91  192.168.100.92  192.168.100.93  192.168.100.94  192.168.100.95  192.168.100.96  192.168.100.97  192.168.100.98  192.168.100.99  192.168.100.100  192.168.100.101  192.168.100.102  192.168.100.103  192.168.100.104  192.168.100.105  192.168.100.106  192.168.100.107  192.168.100.108  192.168.100.109  192.168.100.110  192.168.100.111  192.168.100.112  192.168.100.113  192.168.100.114  192.168.100.115  192.168.100.116  192.168.100.117  192.168.100.118  192.168.100.119  192.168.100.120  192.168.100.121  192.168.100.122  192.168.100.123  192.168.100.124  192.168.100.125  192.168.100.126  192.168.100.127  192.168.100.128  192.168.100.129  192.168.100.130  192.168.100.131  192.168.100.132  192.168.100.133  192.168.100.134  192.168.100.135  192.168.100.136  192.168.100.137  192.168.100.138  192.168.100.139  192.168.100.140  192.168.100.141  192.168.100.142  192.168.100.143  192.168.100.144  192.168.100.145  192.168.100.146  
192.168.100.147  192.168.100.148  192.168.100.149  192.168.100.150  192.168.100.151  192.168.100.152  192.168.100.153  192.168.100.154  192.168.100.155  192.168.100.156  192.168.100.157  192.168.100.158  192.168.100.159  192.168.100.160  192.168.100.161  192.168.100.162  192.168.100.163  192.168.100.164  192.168.100.165  192.168.100.166  192.168.100.167  192.168.100.168  192.168.100.169  192.168.100.170  192.168.100.171  192.168.100.172  192.168.100.173  192.168.100.174  192.168.100.175  192.168.100.176  192.168.100.177  192.168.100.178  192.168.100.179  192.168.100.180  192.168.100.181  192.168.100.182  192.168.100.183  192.168.100.184  192.168.100.185  192.168.100.186  192.168.100.187  192.168.100.188  192.168.100.189  192.168.100.190  192.168.100.191  192.168.100.192  192.168.100.193  192.168.100.194  192.168.100.195  192.168.100.196  192.168.100.197  192.168.100.198  192.168.100.199  192.168.100.200  192.168.100.201  192.168.100.202  192.168.100.203  192.168.100.204  192.168.100.205  192.168.100.206  192.168.100.207  192.168.100.208  192.168.100.209  192.168.100.210  192.168.100.211  192.168.100.212  192.168.100.213  192.168.100.214  192.168.100.215  192.168.100.216  192.168.100.217  192.168.100.218  192.168.100.219  192.168.100.220  192.168.100.221  192.168.100.222  192.168.100.223  192.168.100.224  192.168.100.225  192.168.100.226  192.168.100.227  192.168.100.228  192.168.100.229  192.168.100.230  192.168.100.231  192.168.100.232  192.168.100.233  192.168.100.234  192.168.100.235  192.168.100.236  192.168.100.237  192.168.100.238  192.168.100.239  192.168.100.240  192.168.100.241  192.168.100.242  192.168.100.243  192.168.100.244  192.168.100.245  192.168.100.246  192.168.100.247  192.168.100.248  192.168.100.249  192.168.100.250  192.168.100.251  192.168.100.252  192.168.100.253  192.168.100.254  192.168.100.255  192.168.110.0  192.168.110.1  192.168.110.2  192.168.110.3  192.168.110.4  192.168.110.5  192.168.110.6  192.168.110.7  192.168.110.8  
192.168.110.9  192.168.110.10  192.168.110.11 \
192.168.110.12  192.168.110.13  192.168.110.14  192.168.110.15  192.168.110.16  192.168.110.17  192.168.110.18  192.168.110.19  192.168.110.20  192.168.110.21  192.168.110.22  192.168.110.23  192.168.110.24  192.168.110.25  192.168.110.26  192.168.110.27  192.168.110.28  192.168.110.29  192.168.110.30  192.168.110.31  192.168.110.32  192.168.110.33  192.168.110.34  192.168.110.35  192.168.110.36  192.168.110.37  192.168.110.38  192.168.110.39  192.168.110.40  192.168.110.41  192.168.110.42  192.168.110.43  192.168.110.44  192.168.110.45  192.168.110.46  192.168.110.47  192.168.110.48  192.168.110.49  192.168.110.50  192.168.110.51  192.168.110.52  192.168.110.53  192.168.110.54  192.168.110.55  192.168.110.56  192.168.110.57  192.168.110.58  192.168.110.59  192.168.110.60  192.168.110.61  192.168.110.62  192.168.110.63  192.168.110.64  192.168.110.65  192.168.110.66  192.168.110.67  192.168.110.68  192.168.110.69  192.168.110.70  192.168.110.71  192.168.110.72  192.168.110.73  192.168.110.74  192.168.110.75  192.168.110.76  192.168.110.77  192.168.110.78  192.168.110.79  192.168.110.80  192.168.110.81  192.168.110.82  192.168.110.83  192.168.110.84  192.168.110.85  192.168.110.86  192.168.110.87  192.168.110.88  192.168.110.89  192.168.110.90  192.168.110.91  192.168.110.92  192.168.110.93  192.168.110.94  192.168.110.95  192.168.110.96  192.168.110.97  192.168.110.98  192.168.110.99  192.168.110.100  192.168.110.101  192.168.110.102  192.168.110.103  192.168.110.104  192.168.110.105  192.168.110.106  192.168.110.107  192.168.110.108  192.168.110.109  192.168.110.110  192.168.110.111  192.168.110.112  192.168.110.113  192.168.110.114  192.168.110.115  192.168.110.116  192.168.110.117  192.168.110.118  192.168.110.119  192.168.110.120  192.168.110.121  192.168.110.122  192.168.110.123  192.168.110.124  192.168.110.125  192.168.110.126  192.168.110.127  192.168.110.128  192.168.110.129  192.168.110.130  192.168.110.131  192.168.110.132  192.168.110.133  
192.168.110.134  192.168.110.135  192.168.110.136  192.168.110.137  192.168.110.138  192.168.110.139  192.168.110.140  192.168.110.141  192.168.110.142  192.168.110.143  192.168.110.144  192.168.110.145  192.168.110.146  192.168.110.147  192.168.110.148  192.168.110.149  192.168.110.150  192.168.110.151  192.168.110.152  192.168.110.153  192.168.110.154  192.168.110.155  192.168.110.156  192.168.110.157  192.168.110.158  192.168.110.159  192.168.110.160  192.168.110.161  192.168.110.162  192.168.110.163  192.168.110.164  192.168.110.165  192.168.110.166  192.168.110.167  192.168.110.168  192.168.110.169  192.168.110.170  192.168.110.171  192.168.110.172  192.168.110.173  192.168.110.174  192.168.110.175  192.168.110.176  192.168.110.177  192.168.110.178  192.168.110.179  192.168.110.180  192.168.110.181  192.168.110.182  192.168.110.183  192.168.110.184  192.168.110.185  192.168.110.186  192.168.110.187  192.168.110.188  192.168.110.189  192.168.110.190  192.168.110.191  192.168.110.192  192.168.110.193  192.168.110.194  192.168.110.195  192.168.110.196  192.168.110.197  192.168.110.198  192.168.110.199  192.168.110.200  192.168.110.201  192.168.110.202  192.168.110.203  192.168.110.204  192.168.110.205  192.168.110.206  192.168.110.207  192.168.110.208  192.168.110.209  192.168.110.210  192.168.110.211  192.168.110.212  192.168.110.213  192.168.110.214  192.168.110.215  192.168.110.216  192.168.110.217  192.168.110.218  192.168.110.219  192.168.110.220  192.168.110.221  192.168.110.222  192.168.110.223  192.168.110.224  192.168.110.225  192.168.110.226  192.168.110.227  192.168.110.228  192.168.110.229  192.168.110.230  192.168.110.231  192.168.110.232  192.168.110.233  192.168.110.234  192.168.110.235  192.168.110.236  192.168.110.237  192.168.110.238  192.168.110.239  192.168.110.240  192.168.110.241  192.168.110.242  192.168.110.243  192.168.110.244  192.168.110.245  192.168.110.246  192.168.110.247  192.168.110.248  192.168.110.249  192.168.110.250  
192.168.110.251  192.168.110.252  192.168.110.253 \
192.168.110.254  192.168.110.255  192.168.120.0  192.168.120.1  192.168.120.2  192.168.120.3  192.168.120.4  192.168.120.5  192.168.120.6  192.168.120.7  192.168.120.8  192.168.120.9  192.168.120.10  192.168.120.11  192.168.120.12  192.168.120.13  192.168.120.14  192.168.120.15  192.168.120.16  192.168.120.17  192.168.120.18  192.168.120.19  192.168.120.20  192.168.120.21  192.168.120.22  192.168.120.23  192.168.120.24  192.168.120.25  192.168.120.26  192.168.120.27  192.168.120.28  192.168.120.29  192.168.120.30  192.168.120.31  192.168.120.32  192.168.120.33  192.168.120.34  192.168.120.35  192.168.120.36  192.168.120.37  192.168.120.38  192.168.120.39  192.168.120.40  192.168.120.41  192.168.120.42  192.168.120.43  192.168.120.44  192.168.120.45  192.168.120.46  192.168.120.47  192.168.120.48  192.168.120.49  192.168.120.50  192.168.120.51  192.168.120.52  192.168.120.53  192.168.120.54  192.168.120.55  192.168.120.56  192.168.120.57  192.168.120.58  192.168.120.59  192.168.120.60  192.168.120.61  192.168.120.62  192.168.120.63  192.168.120.64  192.168.120.65  192.168.120.66  192.168.120.67  192.168.120.68  192.168.120.69  192.168.120.70  192.168.120.71  192.168.120.72  192.168.120.73  192.168.120.74  192.168.120.75  192.168.120.76  192.168.120.77  192.168.120.78  192.168.120.79  192.168.120.80  192.168.120.81  192.168.120.82  192.168.120.83  192.168.120.84  192.168.120.85  192.168.120.86  192.168.120.87  192.168.120.88  192.168.120.89  192.168.120.90  192.168.120.91  192.168.120.92  192.168.120.93  192.168.120.94  192.168.120.95  192.168.120.96  192.168.120.97  192.168.120.98  192.168.120.99  192.168.120.100  192.168.120.101  192.168.120.102  192.168.120.103  192.168.120.104  192.168.120.105  192.168.120.106  192.168.120.107  192.168.120.108  192.168.120.109  192.168.120.110  192.168.120.111  192.168.120.112  192.168.120.113  192.168.120.114  192.168.120.115  192.168.120.116  192.168.120.117  192.168.120.118  192.168.120.119  192.168.120.120  192.168.120.121  
192.168.120.122  192.168.120.123  192.168.120.124  192.168.120.125  192.168.120.126  192.168.120.127  192.168.120.128  192.168.120.129  192.168.120.130  192.168.120.131  192.168.120.132  192.168.120.133  192.168.120.134  192.168.120.135  192.168.120.136  192.168.120.137  192.168.120.138  192.168.120.139  192.168.120.140  192.168.120.141  192.168.120.142  192.168.120.143  192.168.120.144  192.168.120.145  192.168.120.146  192.168.120.147  192.168.120.148  192.168.120.149  192.168.120.150  192.168.120.151  192.168.120.152  192.168.120.153  192.168.120.154  192.168.120.155  192.168.120.156  192.168.120.157  192.168.120.158  192.168.120.159  192.168.120.160  192.168.120.161  192.168.120.162  192.168.120.163  192.168.120.164  192.168.120.165  192.168.120.166  192.168.120.167  192.168.120.168  192.168.120.169  192.168.120.170  192.168.120.171  192.168.120.172  192.168.120.173  192.168.120.174  192.168.120.175  192.168.120.176  192.168.120.177  192.168.120.178  192.168.120.179  192.168.120.180  192.168.120.181  192.168.120.182  192.168.120.183  192.168.120.184  192.168.120.185  192.168.120.186  192.168.120.187  192.168.120.188  192.168.120.189  192.168.120.190  192.168.120.191  192.168.120.192  192.168.120.193  192.168.120.194  192.168.120.195  192.168.120.196  192.168.120.197  192.168.120.198  192.168.120.199  192.168.120.200  192.168.120.201  192.168.120.202  192.168.120.203  192.168.120.204  192.168.120.205  192.168.120.206  192.168.120.207  192.168.120.208  192.168.120.209  192.168.120.210  192.168.120.211  192.168.120.212  192.168.120.213  192.168.120.214  192.168.120.215  192.168.120.216  192.168.120.217  192.168.120.218  192.168.120.219  192.168.120.220  192.168.120.221  192.168.120.222  192.168.120.223  192.168.120.224  192.168.120.225  192.168.120.226  192.168.120.227  192.168.120.228  192.168.120.229  192.168.120.230  192.168.120.231  192.168.120.232  192.168.120.233  192.168.120.234  192.168.120.235  192.168.120.236  192.168.120.237  192.168.120.238  
192.168.120.239  192.168.120.240 \
192.168.120.241  192.168.120.242  192.168.120.243  192.168.120.244  192.168.120.245  192.168.120.246  192.168.120.247  192.168.120.248  192.168.120.249  192.168.120.250  192.168.120.251  192.168.120.252  192.168.120.253  192.168.120.254  192.168.120.255 }
# NOTE(review): the visible part of the <VLAN_ALL> table above lists every
# address of 192.168.70.x .. 192.168.120.x one by one. If whole /24s are
# intended, CIDR entries would be far easier to audit -- confirm against the
# alias definition.
# Macro so that rules can refer to the table as $VLAN_ALL.
VLAN_ALL = "<VLAN_ALL>"
# Table holding the single prefix 192.168.196.0/24, exposed as $WLANIPs.
table <WLANIPs> {   192.168.196.0/24 }
WLANIPs = "<WLANIPs>"

# System gateways
# Each macro is a policy-routing fragment spliced into rules by macro
# expansion: a rule that uses $GWWANGW forces matching traffic out
# lagg0.4090 towards 193.97.129.90.
GWWANGW = " route-to ( lagg0.4090 193.97.129.90 ) "
# GWRethinkGW expands to whitespace only, so a rule that references it carries
# no route-to and follows the normal routing table instead.
# NOTE(review): presumably this gateway is down or has no address -- confirm
# that no rule depends on it to pin traffic to a specific path.
GWRethinkGW = "  "
# Rules using $GWSFWLANGW send matching traffic out lagg0.4082 towards 192.168.2.253.
GWSFWLANGW = " route-to ( lagg0.4082 192.168.2.253 ) "

##########################################
# Interfaces used with pf stats collection
##########################################
# pf keeps its interface statistics for lagg0.4091 only (the interface behind
# the LAN alias).
set loginterface lagg0.4091

#################################
# Interfaces without pf filtering
#################################
# No pf processing at all happens on pfsync0: nothing in this ruleset applies
# to packets on that interface.
# NOTE(review): pfsync state synchronisation has no authentication of its own;
# confirm the sync traffic is confined to a dedicated, trusted link.
set skip on pfsync0

############################################
# Preserve rule counters across rule updates
############################################
# Keeps per-rule counters when the ruleset is reloaded, so hit counts used for
# auditing are not reset by every configuration change.
set keepcounters

##########################################
# Required rules for traffic normalization
##########################################
# The two <vpn_networks> rules are not bound to an interface and are listed
# before the per-interface rules. As written they request that fragments to or
# from the VPN networks are NOT reassembled.
# NOTE(review): without reassembly the filter rules see each fragment on its
# own; confirm this exception is still required for the VPN traffic.
scrub from any to <vpn_networks>   fragment no reassemble
scrub from <vpn_networks> to any   fragment no reassemble
# Every filtered interface alias gets one IPv4 and one IPv6 rule that
# reassembles fragments before the filter rules run.
# The inet6 variants only normalise: all non-loopback IPv6 is dropped by the
# "Block all IPv6" rules further down in this file.
scrub on $WAN inet all    fragment reassemble
scrub on $WAN inet6 all    fragment reassemble
scrub on $LAN inet all    fragment reassemble
scrub on $LAN inet6 all    fragment reassemble
scrub on $SF10GNET inet all    fragment reassemble
scrub on $SF10GNET inet6 all    fragment reassemble
scrub on $SFIDMZ inet all    fragment reassemble
scrub on $SFIDMZ inet6 all    fragment reassemble
scrub on $SFITMGMNT inet all    fragment reassemble
scrub on $SFITMGMNT inet6 all    fragment reassemble
scrub on $SFWLAN inet all    fragment reassemble
scrub on $SFWLAN inet6 all    fragment reassemble
scrub on $SFEOLSRV inet all    fragment reassemble
scrub on $SFEOLSRV inet6 all    fragment reassemble

#######################################
# Rules for Network Address Translation
#######################################
# CARP packets are never translated or redirected.
no nat proto carp
no rdr proto carp
# Translation rules loaded at runtime into these anchors are evaluated here,
# ahead of every nat rule below. Their contents are not part of this file.
nat-anchor "natearly/*"
nat-anchor "natrules/*"

# Outbound NAT rules (manual)
# Translation rules are first-match, so the order of the next two lines
# matters: 192.168.160.7 lies inside 192.168.128.0/18 and must be matched by
# its own rule before the "no nat" exemption for the rest of that network.
nat on $WAN inet proto tcp from 192.168.160.7/32 to any port 25 -> 193.97.129.100/32 port 1024:65535  # NAT mail from sfsogo to 193.97.129.100
# Every other host in 192.168.128.0/18 leaves $WAN untranslated on tcp/25.
# NOTE(review): presumably the intent is that only the mail host can deliver
# SMTP directly -- confirm a filter rule enforces this as well, rather than
# relying on the private source address being unroutable.
no nat on $WAN inet proto tcp from 192.168.128.0/18 to any port 25 # do not NAT port 25

# Outbound NAT rules (automatic)
# Subnets to NAT
# Source networks translated on $WAN; the list includes the loopback prefixes
# 127.0.0.0/8 and ::1/128 next to the internal networks.
table <tonatsubnets> { 127.0.0.0/8 ::1/128 192.168.250.0/24 192.168.196.0/24 192.168.128.0/18 192.168.3.0/24 192.168.1.0/24 192.168.254.0/24 192.168.2.0/24 192.168.4.0/24 192.168.201.0/24 192.168.202.0/24 }
# Destination port 500 keeps its original source port (static-port); all
# other traffic is rewritten to a source port in 1024:65535.
# IPv4 leaves as 193.97.129.89, IPv6 as the address of lagg0.4090.
nat on $WAN inet from <tonatsubnets> to any port 500 -> 193.97.129.89/32  static-port
nat on $WAN inet6 from <tonatsubnets> to any port 500 -> (lagg0.4090)  static-port
nat on $WAN inet from <tonatsubnets> to any -> 193.97.129.89/32 port 1024:65535
nat on $WAN inet6 from <tonatsubnets> to any -> (lagg0.4090) port 1024:65535

# NAT rules for the TFTP Proxy service
# Redirects inserted at runtime under tftp-proxy/* are evaluated here.
rdr-anchor "tftp-proxy/*"

# NAT Inbound Redirects
# None of the rdr rules in this group carries the "pass" modifier, so a
# redirect only rewrites the destination: the filter rules still decide
# whether the translated packet is allowed.
# Every rule in this group is limited to a specific source address, network or
# macro. The macros ($smaug_wan, $sfi_rdpsrv, $sfi_web, $sfi_texas,
# $prox_oedmz_1, $Prox_Backup, $qnap and the *_Ports macros) are defined
# outside this part of the file.
rdr on lagg0.4090 inet proto tcp from 80.151.5.161 to 193.97.129.119 port 80 -> 192.168.1.13
# Reflection redirects
# Same source/destination seen on the internal interfaces: tagged PFREFLECT
# and handed to a listener on 127.0.0.1:19000.
rdr on { lagg0.4091 ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from 80.151.5.161 to 193.97.129.119 port 80 tag PFREFLECT -> 127.0.0.1 port 19000
rdr on lagg0.4090 inet proto tcp from 93.240.133.186 to 193.97.129.119 port 80 -> 192.168.1.13
# udp/123 from the 193.97.129.0/24 network to 192.168.160.1.
rdr on lagg0.4090 inet proto udp from 193.97.129.0/24 to $smaug_wan port 123 -> 192.168.160.1
# tcp/22 and the NFS port macros are forwarded to $sfi_texas for a handful of
# named sources.
# NOTE(review): source-address matching is the only restriction visible here
# for these services -- confirm the path between the peers is trusted.
rdr on lagg0.4090 inet proto tcp from $sfi_rdpsrv to $smaug_wan port 22 -> $sfi_texas
rdr on lagg0.4090 inet proto tcp from $sfi_rdpsrv to $smaug_wan port $nfsv4_Ports -> $sfi_texas
rdr on lagg0.4090 inet proto tcp from $sfi_web to $smaug_wan port 22 -> $sfi_texas
rdr on lagg0.4090 inet proto { tcp udp } from $sfi_web to $smaug_wan port $nfs_3und4_Ports -> $sfi_texas
# NOTE(review): 192.168.4.101 belongs to the 192.168.4.0/24 network this file
# assigns to lagg0.4084. A packet with that source would not normally arrive
# on lagg0.4090; confirm this rule can match and that spoofed private sources
# are dropped on the WAN side.
rdr on lagg0.4090 inet proto { tcp udp } from 192.168.4.101 to $smaug_wan port $nfs_3und4_Ports -> $sfi_texas
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to $smaug_wan port 22 -> $sfi_texas
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to $smaug_wan port $nfs_3und4_Ports -> $sfi_texas
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to $smaug_wan port 636 -> 192.168.160.1
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to $smaug_wan port 8007 -> $Prox_Backup
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to 193.97.129.119 port 636 -> 192.168.160.11
# tcp/111 and tcp/2049 (conventionally rpcbind and NFS) to $qnap.
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to 193.97.129.12 port 111 -> $qnap
rdr on lagg0.4090 inet proto tcp from $prox_oedmz_1 to 193.97.129.12 port 2049 -> $qnap
rdr on lagg0.4090 inet proto tcp from 212.202.98.22 to 193.97.129.119 port 80 -> 192.168.1.13
# Redirects on lagg0.4090 for 193.97.129.12 that accept ANY source address.
# None carries the "pass" modifier, so the filter rules still decide whether
# the translated packet is allowed.
# All targets except the three 192.168.1.x hosts sit inside 192.168.128.0/18,
# the range this file declares as the LAN network.
# NOTE(review): confirm that placing Internet-reachable services inside the
# LAN range rather than the DMZ is intended.
# tcp/8883 and tcp/1883 are conventionally MQTT with and without TLS.
# NOTE(review): confirm the plaintext listener on 1883 must be reachable from
# any source.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 8883 -> 192.168.175.117
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 1883 -> 192.168.175.117
# 3478 and 5349 plus the whole UDP range 49152:65535 go to 192.168.160.8.
# The range covers 16384 UDP ports on one internal host -- keep the matching
# filter rule equally specific.
rdr on lagg0.4090 inet proto udp from any to 193.97.129.12 port 3478 -> 192.168.160.8
rdr on lagg0.4090 inet proto { tcp udp } from any to 193.97.129.12 port 5349 -> 192.168.160.8
rdr on lagg0.4090 inet proto udp from any to 193.97.129.12 port 49152:65535 -> 192.168.160.8
# External 8008 and 8009 both land on port 443 of 192.168.160.8.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 8008 -> 192.168.160.8 port 443
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 8009 -> 192.168.160.8 port 443
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 8080 -> 192.168.160.2
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 8443 -> 192.168.160.2
# External ports 42460-42462 map to tcp/3389 on three 192.168.1.x hosts.
# NOTE(review): an unusual external port does not limit who can connect.
# Restrict the source addresses or place remote-desktop access behind the VPN.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 42460 -> 192.168.1.120 port 3389
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 42461 -> 192.168.1.119 port 3389
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 42462 -> 192.168.1.151 port 3389
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.12 port 50443 -> 192.168.129.117 port 443
# Redirects that come with "reflection" companions: the first rule of each
# pair serves traffic arriving on lagg0.4090, the companion catches the same
# destination on the internal interfaces, tags it PFREFLECT and hands it to a
# listener on 127.0.0.1 (ports 19001-19006).
# $smaug_wan is defined outside this part of the file.
rdr on lagg0.4090 inet proto tcp from any to $smaug_wan port 4443 -> 192.168.180.2 port 8169
# Reflection redirects
rdr on { lagg0.4091 ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to $smaug_wan port 4443 tag PFREFLECT -> 127.0.0.1 port 19001
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.96 port 80 -> 192.168.1.126
# Reflection redirects
rdr on { lagg0.4091 ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to 193.97.129.96 port 80 tag PFREFLECT -> 127.0.0.1 port 19002
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.96 port 443 -> 192.168.1.126
# Reflection redirects
rdr on { lagg0.4091 ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to 193.97.129.96 port 443 tag PFREFLECT -> 127.0.0.1 port 19003
# NOTE(review): the reflection rule just above already matches this
# destination on lagg0.4091. Translation rules are first-match, so this direct
# LAN redirect and its companion (port 19004) look shadowed -- check their
# counters and remove whichever variant is not intended.
rdr on lagg0.4091 inet proto tcp from any to 193.97.129.96 port 443 -> 192.168.1.126
# Reflection redirects
rdr on { ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to 193.97.129.96 port 443 tag PFREFLECT -> 127.0.0.1 port 19004
# NOTE(review): tcp/2019 is forwarded from any source. Confirm which service
# listens there; if it is an administrative endpoint, restrict the source.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.96 port 2019 -> 192.168.1.126
# Reflection redirects
rdr on { lagg0.4091 ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to 193.97.129.96 port 2019 tag PFREFLECT -> 127.0.0.1 port 19005
# NOTE(review): same apparent shadowing as for port 443: the preceding
# reflection rule already covers lagg0.4091 for this destination and port.
rdr on lagg0.4091 inet proto tcp from any to 193.97.129.96 port 2019 -> 192.168.1.126
# Reflection redirects
rdr on { ix0 lagg0.4080 lagg0.4081 lagg0.4082 lagg0.4084 enc0 openvpn } proto tcp from any to 193.97.129.96 port 2019 tag PFREFLECT -> 127.0.0.1 port 19006
# Public services, open to any source; no rule here carries the "pass"
# modifier, so the filter rules still decide whether the packet is allowed.
# The rules on lagg0.4091 repeat the tcp/443 redirect for clients on the LAN
# interface that address the public IP.
# 193.97.129.100 -> 192.168.160.7 on tcp 25, 80, 443, 587 and 993. This is the
# host the manual outbound NAT rule translates to the same public address for
# tcp/25.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.100 port 25 -> 192.168.160.7
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.100 port 80 -> 192.168.160.7
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.100 port 443 -> 192.168.160.7
rdr on lagg0.4091 inet proto tcp from any to 193.97.129.100 port 443 -> 192.168.160.7
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.100 port 587 -> 192.168.160.7
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.100 port 993 -> 192.168.160.7
# 193.97.129.113 and .114 -> 192.168.1.165 and .166 on tcp 80/443.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.113 port 80 -> 192.168.1.165
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.113 port 443 -> 192.168.1.165
rdr on lagg0.4091 inet proto tcp from any to 193.97.129.113 port 443 -> 192.168.1.165
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.114 port 80 -> 192.168.1.166
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.114 port 443 -> 192.168.1.166
rdr on lagg0.4091 inet proto tcp from any to 193.97.129.114 port 443 -> 192.168.1.166
# tcp 9101-9103 on 193.97.129.89 (also the outbound NAT address) go to
# 192.168.129.28, which lies inside the 192.168.128.0/18 LAN range.
# NOTE(review): confirm which service this is and restrict the source if the
# remote peers are known.
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.89 port 9101 -> 192.168.129.28
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.89 port 9102 -> 192.168.129.28
rdr on lagg0.4090 inet proto tcp from any to 193.97.129.89 port 9103 -> 192.168.129.28

#################################
# Extra rules from OpenVPN RADIUS
#################################
# Filter rules loaded at runtime under openvpn/* are evaluated at this point,
# ahead of every filter rule below. Their contents are not part of this file.
# NOTE(review): a "quick" rule inside an anchor would take precedence over the
# block rules that follow -- review what populates these anchors.
anchor "openvpn/*"

###############################
# Extra rules from IPsec RADIUS
###############################
# Same mechanism for rules loaded under ipsec/*.
anchor "ipsec/*"

#################################
# Rules to block all IPv6 packets
#################################
# Allow IPv6 on loopback
# "quick" ends evaluation at the first match, so loopback IPv6 is passed
# before the blanket block below is reached.
pass in  quick on $loopback inet6 all ridentifier 1000000001 label "descr=pass IPv6 loopback"
pass out  quick on $loopback inet6 all ridentifier 1000000002 label "descr=pass IPv6 loopback"
# Block all IPv6
# Every other IPv6 packet, in either direction, is logged and dropped here.
# Because these rules are "quick", no later inet6 rule in this file can match
# non-loopback traffic while they are present.
block in log quick inet6 all ridentifier 1000000003 label "descr=Block all IPv6"
block out log quick inet6 all ridentifier 1000000004 label "descr=Block all IPv6"

################################################################
# Rules to block NAT64 translation for non-global IPv4 addresses
################################################################
# Logs and drops IPv6 packets addressed to the <_nat64reserved_> table, which
# is defined outside this part of the file.
# NOTE(review): with the "Block all IPv6" rules above in place these two rules
# are never reached; they would only take effect if that block were removed.
block in log quick inet6 from any to <_nat64reserved_> ridentifier 1000000005 label "descr=Block NAT64 for non-global IPv4"
block out log quick inet6 from any to <_nat64reserved_> ridentifier 1000000006 label "descr=Block NAT64 for non-global IPv4"

########################################
# Rules to block IPv4 link-local packets
########################################
# Block IPv4 link-local. Per RFC 3927, link local "MUST NOT" be forwarded by
# a routing device, and clients "MUST NOT" send such packets to a router.
# FreeBSD won't route 169.254./16, but route-to can override that, causing
# problems such as in redmine #2073
# Inbound only (`block in`), on every interface: one rule for link-local as
# source, one as destination. `quick` ends evaluation on a match, so no later
# pass rule can re-admit these packets; both rules log.
block in log quick from 169.254.0.0/16 to any ridentifier 1000000101 label "descr=Block IPv4 link-local"
block in log quick from any to 169.254.0.0/16 ridentifier 1000000102 label "descr=Block IPv4 link-local"

#####################################################
# Required rules for the default-deny filter behavior
#####################################################
# Default deny, deliberately without `quick`: pf applies the last matching
# rule, so these four only decide a packet when no later pass/block rule
# matches it. All four log, so traffic that reaches the default deny is
# visible in the filter log.
# NOTE(review): the two inet6 rules cannot be the deciding rule while the
# quick "Block all IPv6" rules earlier in this file are present.
block in log inet all ridentifier 1000000103 label "descr=Default deny rule IPv4" label "tags=ruleset:7aabba6651490bd3"
block out log inet all ridentifier 1000000104 label "descr=Default deny rule IPv4" label "tags=ruleset:7aabba6651490bd3"
block in log inet6 all ridentifier 1000000105 label "descr=Default deny rule IPv6" label "tags=ruleset:7aabba6651490bd3"
block out log inet6 all ridentifier 1000000106 label "descr=Default deny rule IPv6" label "tags=ruleset:7aabba6651490bd3"

#########################################
# Rules to drop invalid packets on port 0
#########################################
# We use the mighty pf, we cannot be fooled.
# Port 0 is reserved and not a valid TCP/UDP service port. With no in/out
# keyword these rules apply in both directions on every interface; they are
# `quick` and logged. IPv4 only (`inet`).
block log quick inet proto { tcp, udp } from any port = 0 to any ridentifier 1000000107 label "descr=Block traffic from port 0"
block log quick inet proto { tcp, udp } from any to any port = 0 ridentifier 1000000108 label "descr=Block traffic to port 0"

################################################
# Rules to block packets matched by IDS packages
################################################
# Drops and logs traffic both from and to every address in <snort2c>, in
# either direction and on every interface (no in/out, no `on`). `quick`, so
# user pass rules further down cannot re-admit a listed host.
# The table has no static entries in this file; it is presumably filled at
# runtime by the IDS package - confirm. Current contents:
# `pfctl -t snort2c -T show`.
block log quick from <snort2c> to any ridentifier 1000000109 label "descr=Block snort2c hosts"
block log quick from any to <snort2c> ridentifier 1000000110 label "descr=Block snort2c hosts"

#######################################################
# Rules for blocklisted hosts accessing the SSH service
#######################################################
# Drops and logs TCP to port 22 on any of the firewall's own addresses from
# hosts in <sshguard>. It is `quick` and sits above the anti-lockout and user
# pass rules, so a listed host stays blocked even where a later rule would
# allow the connection.
block in log quick proto tcp from <sshguard> to (self) port 22 ridentifier 1000000301 label "descr=sshguard"

##################################################
# Rules for blocklisted hosts accessing the WebGUI
##################################################
# Uses the same <sshguard> table as the SSH rule above, so one lockout covers
# both SSH and the WebGUI on 443.
# NOTE(review): only port 443 is covered. The anti-lockout rule further down
# also admits port 80 to the firewall on lagg0.4091 - confirm whether the GUI
# answers on 80 and, if so, whether a locked-out host should still reach it.
block in log quick proto tcp from <sshguard> to (self) port 443 ridentifier 1000000351 label "descr=GUI Lockout"

#######################################################
# Rules to block packets matched by anti-virus packages
#######################################################
# Drops and logs all inbound traffic from hosts in <virusprot>, on every
# interface. The label calls it an overload table; the rule(s) that would add
# entries to it are not in the visible part of the file - confirm it is
# actually populated (`pfctl -t virusprot -T show`).
block in log quick from <virusprot> to any ridentifier 1000000400 label "descr=virusprot overload table"

#################################################
# Rules to prevent DHCP leaks in multi-WAN setups
#################################################
# Matches only outbound UDP 67 -> 68 packets that carry the pf tag "dhcpin";
# the rule that sets the tag is not in the visible part of the file.
# Not logged, unlike most other system block rules in this ruleset.
block out quick proto udp from any port = 67 to any port = 68 tagged "dhcpin" ridentifier 1000000451 label "descr=Prevent routing dhcp responses"

#########################
# Default interface rules
#########################
# block bogon networks (IPv4)
# https://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt
# <bogons> is loaded from /etc/bogons (see the table definition at the top of
# the file), so this protection is only as current as that file.
block in log quick on $WAN from <bogons> to any ridentifier 11001 label "descr=block bogon IPv4 networks from WAN"

# Required rules for antispoof protection
# NOTE(review): none of the antispoof lines in this section carries `quick`.
# pf expands antispoof into ordinary block rules, so a later matching
# `pass ... quick` rule still wins over them. Source-scoped user rules are
# therefore what actually keeps spoofed sources out; a user rule with
# `from any` on an internal interface is not protected by antispoof.
antispoof log for $WAN ridentifier 1000001471 label "descr=antispoof protection"

# block anything from private networks on interfaces with the option set
# RFC 1918 ranges and 127/8 as source address on WAN: dropped, logged, `quick`.
block in log quick on $WAN from 10.0.0.0/8 to any ridentifier 12001 label "descr=Block private networks from WAN block 10/8"
block in log quick on $WAN from 127.0.0.0/8 to any ridentifier 12002 label "descr=Block private networks from WAN block 127/8"
block in log quick on $WAN from 172.16.0.0/12 to any ridentifier 12003 label "descr=Block private networks from WAN block 172.16/12"
block in log quick on $WAN from 192.168.0.0/16 to any ridentifier 12004 label "descr=Block private networks from WAN block 192.168/16"
# Shadowed: all non-loopback IPv6 is already dropped by the quick
# "Block all IPv6" rule earlier in this file.
block in log quick on $WAN from fc00::/7 to any ridentifier 12005 label "descr=Block ULA networks from WAN block fc00::/7"

# Required rules for antispoof protection
antispoof log for $LAN ridentifier 1000002521 label "descr=antispoof protection"

# Required rules for antispoof protection
antispoof log for $SF10GNET ridentifier 1000003571 label "descr=antispoof protection"

# allow access to DHCP relay on SF10GNET
# Admits DHCP client broadcasts (UDP 68 -> 255.255.255.255:67) arriving on
# this interface. Source is `any`; the same pattern repeats for SFIDMZ,
# SFITMGMNT, SFWLAN and SFEOLSRV below. None of these pass rules is logged.
pass in  quick on $SF10GNET proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000003591 label "descr=allow access to DHCP relay"

# Required rules for antispoof protection
antispoof log for $SFIDMZ ridentifier 1000004621 label "descr=antispoof protection"

# allow access to DHCP relay on SFIDMZ
pass in  quick on $SFIDMZ proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000004641 label "descr=allow access to DHCP relay"

# Required rules for antispoof protection
antispoof log for $SFITMGMNT ridentifier 1000005671 label "descr=antispoof protection"

# allow access to DHCP relay on SFITMGMNT
pass in  quick on $SFITMGMNT proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000005691 label "descr=allow access to DHCP relay"

# Required rules for antispoof protection
antispoof log for $SFWLAN ridentifier 1000006721 label "descr=antispoof protection"

# allow access to DHCP relay on SFWLAN
pass in  quick on $SFWLAN proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000006741 label "descr=allow access to DHCP relay"

# Required rules for antispoof protection
antispoof log for $SFEOLSRV ridentifier 1000007771 label "descr=antispoof protection"

# allow access to DHCP relay on SFEOLSRV
pass in  quick on $SFEOLSRV proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000007791 label "descr=allow access to DHCP relay"

#####################################
# Required rules for loopback traffic
#####################################
# IPv4 traffic on lo0 in both directions. These are not `quick`, so they rely
# on no later rule matching loopback traffic; the earlier quick blocks (port
# 0, <snort2c>, link-local) still apply to loopback packets.
pass in  on $loopback inet all ridentifier 1000009911 label "descr=pass IPv4 loopback"
pass out  on $loopback inet all ridentifier 1000009912 label "descr=pass IPv4 loopback"

##########################################################
# Required rules for traffic from the firewall host itself
##########################################################
# Stateful `pass out` for all IPv4 on every interface; `allow-opts` also
# admits packets that carry IP options. The label speaks of the firewall host
# itself, but the rule is `all`: it equally covers the egress side of
# forwarded traffic. In this ruleset, access control is therefore decided by
# the inbound (`in`) rules of the interface where traffic arrives.
pass out  inet all keep state allow-opts ridentifier 1000009913 label "descr=let out anything IPv4 from firewall host itself"
# One rule per firewall-owned WAN address (presumably the interface address
# plus virtual IPs - confirm): traffic sourced from that address to anything
# outside 193.97.129.0/24 is forced out lagg0.4090 via gateway 193.97.129.90,
# regardless of the routing table. Stateful, `allow-opts`, not `quick`.
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.89 to !193.97.129.0/24 ridentifier 1000010011 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.12 to !193.97.129.0/24 ridentifier 1000010012 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.13 to !193.97.129.0/24 ridentifier 1000010013 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.100 to !193.97.129.0/24 ridentifier 1000010014 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.119 to !193.97.129.0/24 ridentifier 1000010015 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.96 to !193.97.129.0/24 ridentifier 1000010016 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.113 to !193.97.129.0/24 ridentifier 1000010017 keep state allow-opts  label "descr=let out anything from firewall host itself"
pass out  route-to ( lagg0.4090 193.97.129.90 ) from 193.97.129.114 to !193.97.129.0/24 ridentifier 1000010018 keep state allow-opts  label "descr=let out anything from firewall host itself"

############################################
# Required rules for IPsec host connectivity
############################################
# Stateful pass for everything leaving via the IPsec interface (enc0).
# NOTE(review): `ridentifier` appears twice on this line (1000010311 and
# 1000010312). This looks like a generator artifact - confirm which
# identifier ends up on the loaded rule before relying on it for log
# correlation (`pfctl -vv -s rules`).
pass out  on $IPsec all ridentifier 1000010311 ridentifier 1000010312 keep state  label "descr=IPsec internal host to host"

#######################################################
# Rules to prevent accidental lockout from the firewall
#######################################################
# Admits TCP 443/80/22 to the firewall's own address on lagg0.4091 (the LAN
# interface) from any source arriving there. It is `quick` and sits above the
# LAN user rules, so those cannot restrict it; only the earlier quick blocks
# (e.g. <sshguard>) take precedence.
# NOTE(review): LAN is a /18 per <LAN__NETWORK>, so every host in it can reach
# the WebGUI and SSH of the firewall. A dedicated management network exists
# in this configuration (SFITMGMNT); consider an explicit, source-restricted
# management rule and then disabling the anti-lockout rule.
pass in  quick on lagg0.4091 proto tcp from any to (lagg0.4091) port { 443 80 22 } ridentifier 10001 keep state label "descr=anti-lockout rule"

##########################
# Rules for NAT reflection
##########################
# Passes any inbound IPv4 packet carrying the pf tag PFREFLECT, on every
# interface, statefully. The rules that set the tag are not in the visible
# part of the file; whoever can cause a packet to be tagged gets it admitted
# here, so review the tagging rules together with this one. Not `quick`.
pass in  inet tagged PFREFLECT ridentifier 1000010331 keep state label "descr=NAT REFLECT: Allow traffic to localhost"

#######################
# Anchor for user rules
#######################
# Rules under this anchor are loaded at runtime and are not visible in this
# file. It is evaluated here, above the interface-group and per-interface
# user rules, so a `quick` rule inside it takes precedence over them. Audit
# with `pfctl -a <anchor> -s rules`.
anchor "userrules/*"

################################################
# User rules for system-defined interface groups
################################################
# Rules for OpenVPN
# NOTE(review): any-to-any on the OpenVPN interface group. A connected VPN
# client can reach every network behind this firewall and the firewall
# itself, on all protocols and ports. If clients only need specific servers,
# replace this with destination-scoped rules. Neither rule logs.
# Both lines share ridentifier 1672175133 (one rule emitted per address
# family); the inet6 line is shadowed by the quick "Block all IPv6" rule
# earlier in this file.
pass  in  quick  on $OpenVPN inet from any to any ridentifier 1672175133 keep state label "id=1672175133" label "tags=user_rule" label "descr=OpenVPN OpenVPN Clients via SMAUG wizard"
pass  in  quick  on $OpenVPN inet6 from any to any ridentifier 1672175133 keep state label "id=1672175133" label "tags=user_rule" label "descr=OpenVPN OpenVPN Clients via SMAUG wizard"

#####################################
# Interface rules defined by the user
#####################################
# Rules for WAN
# Every pass rule here is `quick` and uses reply-to ( lagg0.4090 193.97.129.90 ),
# so replies of accepted connections leave via that gateway. Destinations are
# internal addresses because rdr translation is applied before filtering.
# Aliases such as $sfi_texas, $prox_oedmz_1 or $nfs_3und4_Ports are defined
# outside the visible part of the file. Only rule 1672824958 (OpenVPN) logs.

# ICMP traceroute and echo request to the WAN subnet, from any source.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto icmp  from any to $WAN__NETWORK icmp-type trace ridentifier 1438176406 keep state label "id=1438176406" label "tags=user_rule" label "descr=traceroute erlauben für Tracezwecke"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto icmp  from any to $WAN__NETWORK icmp-type echoreq ridentifier 1438175832 keep state label "id=1438175832" label "tags=user_rule" label "descr=ping erlauben für Tracezwecke"
# Source-restricted rules: each names a single peer address or alias.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto { tcp udp }  from 212.202.98.22 to 193.97.129.89 port 500 ridentifier 1426092632 keep state label "id=1426092632" label "tags=user_rule" label "descr=itmotive"
# Plain HTTP (port 80) to 192.168.1.13, limited to three source addresses.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from 80.151.5.161 to 192.168.1.13 port 80 ridentifier 1658751758 flags S/SA keep state label "id=1658751758" label "tags=user_rule" label "descr=NAT Redirect SF-SAP-WT1202 80 direkt"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from 93.240.133.186 to 192.168.1.13 port 80 ridentifier 1658751788 flags S/SA keep state label "id=1658751788" label "tags=user_rule" label "descr=NAT Redirect SF-SAP-WT1202 80 direkt"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from 212.202.98.22 to 192.168.1.13 port 80 ridentifier 1723639239 flags S/SA keep state label "id=1723639239" label "tags=user_rule" label "descr=NAT Redirect SF-SAP-WT1202 80 direkt"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto udp  from 193.97.129.0/24 to 192.168.160.1 port 123 ridentifier 1574779145 keep state label "id=1574779145" label "tags=user_rule" label "descr=NAT redirect OEIP-Net NTP 2 sfi-samb4 ntp"
# NOTE(review): the next rules let WAN-side hosts ($sfi_rdpsrv, $sfi_web,
# $prox_oedmz_1) open SSH, NFS, LDAPS and backup connections to internal
# servers. A compromise of one of those hosts yields a direct path inside;
# confirm that NFS exports, SSH keys and LDAP bind accounts on the targets
# are scoped to exactly what these peers need.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $sfi_rdpsrv to $sfi_texas port 22 ridentifier 1746539911 flags S/SA keep state label "id=1746539911" label "tags=user_rule" label "descr=NAT redirect ssh 4 Backup von sfi-rdpsrv zu sfi-texas"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $sfi_rdpsrv to $sfi_texas port $nfsv4_Ports ridentifier 1746539588 flags S/SA keep state label "id=1746539588" label "tags=user_rule" label "descr=NAT redirect NFSv4 von sfi-rdpsrv zu sfi-texas"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $sfi_web to $sfi_texas port 22 ridentifier 1629130353 flags S/SA keep state label "id=1629130353" label "tags=user_rule" label "descr=NAT redirect ssh 4 Backup von www zu sfi-texas"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto { tcp udp }  from $sfi_web to $sfi_texas port $nfs_3und4_Ports ridentifier 1536912906 keep state label "id=1536912906" label "tags=user_rule" label "descr=NAT redirect NFS v3 und v4 WEBSERVER zu sfi-texas"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to 192.168.160.1 port 636 ridentifier 1616155899 flags S/SA keep state label "id=1616155899" label "tags=user_rule" label "descr=NAT redirect LDAPS von PROX-IS-oeDMZ-1 zu sfi-samba4"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to $sfi_texas port 22 ridentifier 1737653612 flags S/SA keep state label "id=1737653612" label "tags=user_rule" label "descr=NAT redirect ssh von PROX-IS-oeDMZ-1 zu sfi-texas"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to $sfi_texas port $nfs_3und4_Ports ridentifier 1737654206 flags S/SA keep state label "id=1737654206" label "tags=user_rule" label "descr=NAT redirect NFS v3 und v4 von PROX-IS-oeDMZ-1 zu sfi-..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to 192.168.160.11 port 636 ridentifier 1633101525 flags S/SA keep state label "id=1633101525" label "tags=user_rule" label "descr=NAT redirect LDAPS von PROX-IS-oeDMZ-1 zu sfi-bdc"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to $qnap port 111 ridentifier 1737653989 flags S/SA keep state label "id=1737653989" label "tags=user_rule" label "descr=NAT redirect NFS portmapper von PROX-IS-oeDMZ-1 zu NAS..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to $qnap port 2049 ridentifier 1737654004 flags S/SA keep state label "id=1737654004" label "tags=user_rule" label "descr=NAT redirect NFS nfsd von PROX-IS-oeDMZ-1 zu NAS QNAP"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from $prox_oedmz_1 to $Prox_Backup port 8007 ridentifier 1627049090 flags S/SA keep state label "id=1627049090" label "tags=user_rule" label "descr=NAT redirect 8007 von PROX-IS-oeDMZ-1 zu prox-backup"
# NOTE(review): from here on the source is `any`. RDP (3389) to 192.168.1.42,
# .120, .151 and (further down) .119 is admitted from every address that can
# reach the WAN interface. Three of the descriptions mention guacamole; if
# RDP is meant to arrive only through that gateway, set `from` to its
# address. Whether these are reachable from the Internet depends on matching
# rdr rules, which are not all in the visible part of the file.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto { tcp udp }  from any to 192.168.1.42 port 3389 ridentifier 1463043326 keep state label "id=1463043326" label "tags=user_rule" label "descr=NAT rdp redirect lorenz-integ"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.120 port 3389 ridentifier 1674663786 flags S/SA keep state label "id=1674663786" label "tags=user_rule" label "descr=NAT rdp redirect s4p-lz-test2 von guacomole ohne glaur..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.126 port 80 ridentifier 1670424516 flags S/SA keep state label "id=1670424516" label "tags=user_rule" label "descr=NAT Redirect vu-trail.sf.com 80 direkt"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.126 port 443 ridentifier 1670496531 flags S/SA keep state label "id=1670496531" label "tags=user_rule" label "descr=NAT Redirect vu-trail.sf.com 443 direkt"
# NOTE(review): confirm what listens on 2019 on this host. 2019 is the
# default port of the Caddy web server's admin API; if that is the service
# here, it should not be reachable from `any`.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.126 port 2019 ridentifier 1670496552 flags S/SA keep state label "id=1670496552" label "tags=user_rule" label "descr=NAT Redirect vu-trail.sf.com 2019 direkt"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.151 port 3389 ridentifier 1751293931 flags S/SA keep state label "id=1751293931" label "tags=user_rule" label "descr=NAT rdp redirect sf-sprung-cad01 von guacomole ohne gl..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.165 port 80 ridentifier 1775467142 flags S/SA keep state label "id=1775467142" label "tags=user_rule" label "descr=NAT Redirect ÖffIP:80 non ssl auf sf-dppa-dev-02"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.165 port 443 ridentifier 1775467180 flags S/SA keep state label "id=1775467180" label "tags=user_rule" label "descr=NAT Redirect ÖffIP:443 ssl auf sf-dppa-dev-02"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.166 port 80 ridentifier 1775557882 flags S/SA keep state label "id=1775557882" label "tags=user_rule" label "descr=NAT Redirect ÖffIP:80 non ssl auf sf-dppa-dev"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.166 port 443 ridentifier 1775557908 flags S/SA keep state label "id=1775557908" label "tags=user_rule" label "descr=NAT Redirect ÖffIP:443 ssl auf sf-dppa-dev"
# NOTE(review): 9101/9102 to 192.168.129.28 are open to `any` (the labels
# suggest a backup director and file daemon - confirm); restrict `from` to
# the known backup peers. The rdr rules earlier in this file also forward
# port 9103 to the same host, but no pass rule for 9103 is visible in this
# section, so that redirect ends in "block all other WAN": remove the stale
# rdr or add a deliberate, source-scoped rule.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.129.28 port 9101 ridentifier 1426092648 flags S/SA keep state label "id=1426092648" label "tags=user_rule" label "descr=NAT Vaire Director"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.129.28 port 9102 ridentifier 1426092649 flags S/SA keep state label "id=1426092649" label "tags=user_rule" label "descr=NAT  vaire FD"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.129.117 port 443 ridentifier 1539958522 flags S/SA keep state label "id=1539958522" label "tags=user_rule" label "descr=NAT rdp redirect bugzilla von www.sf.com ohne glaurungre"
# NOTE(review): the labels describe an AV management console on 8080/8443,
# admitted from `any`; an administrative console normally warrants a source
# restriction or access via VPN only.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.2 port 8080 ridentifier 1467211958 flags S/SA keep state label "id=1467211958" label "tags=user_rule" label "descr=NAT SF AV Konsole redirect"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.2 port 8443 ridentifier 1465576130 flags S/SA keep state label "id=1465576130" label "tags=user_rule" label "descr=NAT SF AV Konsole redirect"
# NOTE(review): the label on the SMTP rule says "nur spacenet!" (spacenet
# only), but the rule matches `from any`. If inbound SMTP is meant to come
# only from the provider's relay, put that address in `from`.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.7 port 25 ridentifier 1549835381 flags S/SA keep state label "id=1549835381" label "tags=user_rule" label "descr=NAT FEBXXX WAN IN (nur spacenet!) reroute to SFSOGo SMTP"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.7 port 80 ridentifier 1549620736 flags S/SA keep state label "id=1549620736" label "tags=user_rule" label "descr=NAT WAN IN reroute to SFSOGo http"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.7 port 443 ridentifier 1549633303 flags S/SA keep state label "id=1549633303" label "tags=user_rule" label "descr=NAT WAN IN reroute to SFSOGo http LETSENCRYPT"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.7 port 587 ridentifier 1549621982 flags S/SA keep state label "id=1549621982" label "tags=user_rule" label "descr=NAT WAN IN reroute to SFSOGo SUMBISSION"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.7 port 993 ridentifier 1592459735 flags S/SA keep state label "id=1592459735" label "tags=user_rule" label "descr=NAT WAN IN reroute to SFSOGo IMAPs"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.160.8 port 443 ridentifier 1551896674 flags S/SA keep state label "id=1551896674" label "tags=user_rule" label "descr=NAT FEBx5 NAT to  SF MessageSrvNEU"
# STUN/TURN for 192.168.160.8: 3478/udp, 5349/tcp+udp, and the whole UDP
# range 49152-65535 (`port >= 49152`). The last rule is wide; if the relay's
# port range is configured narrower on the server, match it here.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto udp  from any to 192.168.160.8 port 3478 ridentifier 1584639020 keep state label "id=1584639020" label "tags=user_rule" label "descr=NAT Redirect STUN/TURN alt. TCP+UDP to matrix/Riot Srv..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto { tcp udp }  from any to 192.168.160.8 port 5349 ridentifier 1559393807 keep state label "id=1559393807" label "tags=user_rule" label "descr=NAT Redirect STUN/TURN TCP+UDP to matrix/Riot Srv NEU ..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto udp  from any to 192.168.160.8 port >= 49152 ridentifier 1702896071 keep state label "id=1702896071" label "tags=user_rule" label "descr=NAT Redirect STUN/TURN TCP+UDP to matrix/Riot Srv NEU ..."
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.180.2 port 8169 ridentifier 1551611991 flags S/SA keep state label "id=1551611991" label "tags=user_rule" label "descr=NAT FEBXv4 odoo 2 smaug-NAT 4 Pic/Tracking/unsupscr vi..."
# NOTE(review): 1883 is labelled "non ssl", i.e. MQTT without transport
# encryption, open to `any`. A TLS listener (8883) is already admitted below;
# confirm that 1883 is still required and that the broker enforces
# authentication on it.
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.175.117 port 1883 ridentifier 1771254241 flags S/SA keep state label "id=1771254241" label "tags=user_rule" label "descr=NAT Redirect mqtt-lz-t 1883 non ssl, von auf glaurung"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.175.117 port 8883 ridentifier 1771254218 flags S/SA keep state label "id=1771254218" label "tags=user_rule" label "descr=NAT Redirect mqtt-lz-t 8883 ssl, von auf glaurung"
pass  in  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto tcp  from any to 192.168.1.119 port 3389 ridentifier 1699535117 flags S/SA keep state label "id=1699535117" label "tags=user_rule" label "descr=NAT rdp redirect IT4CE-mes von guacomole ohne glaurung..."
# OpenVPN listener on the firewall's WAN address; the only pass rule in this
# section with `log`. Consider `log` on the RDP and console rules above too,
# so accepted connections to them can be reviewed.
pass  in log  quick  on $WAN reply-to ( lagg0.4090 193.97.129.90 ) inet proto { tcp udp }  from any to 193.97.129.89 port 1194 ridentifier 1672824958 keep state label "id=1672824958" label "tags=user_rule" label "descr=allow from everywhere OpenVPN Clients USER*PW+CertFile..."
# Explicit, logged catch-all for WAN. The inet6 line is shadowed by the quick
# "Block all IPv6" rule earlier in this file.
block  in log  quick  on $WAN inet from any to any ridentifier 1498813579 label "id=1498813579" label "tags=user_rule" label "descr=block all other WAN"
block  in log  quick  on $WAN inet6 from any to any ridentifier 1498813579 label "id=1498813579" label "tags=user_rule" label "descr=block all other WAN"

# Rules for LAN
# All rules are `quick`: the first match decides. Order therefore matters;
# the allow/deny pairs below (137-139, 445, $ITMgmtSrv) rely on the specific
# pass appearing before the general block. inet6 lines in this section are
# shadowed by the quick "Block all IPv6" rule earlier in this file.

# Keeps LAN hosts from using the OpenVPN listener on the WAN address; logged.
block  in log  quick  on $LAN inet proto { tcp udp }  from 192.168.128.0/18 to 193.97.129.89 port 1194 ridentifier 1672823291 label "id=1672823291" label "tags=user_rule" label "descr=Block intern OpenVPN Clients USER*PW+CertFile_Yubi"
# NOTE(review): the label says "from ZSW", but the rule is `from any to any
# port 443`. Being quick and placed above the $ITMgmtSrv block (1665413693),
# it also admits HTTPS to $ITMgmtSrv from every LAN source. If that is not
# intended, scope the source or move the rule below that block.
pass  in  quick  on $LAN inet proto tcp  from any to any port 443 ridentifier 1664966473 flags S/SA keep state label "id=1664966473" label "tags=user_rule" label "descr=allow HTTPS from ZSW"
pass  in  quick  on $LAN inet proto { tcp udp }  from $WLANIPs to $Drucker ridentifier 1737475823 keep state label "id=1737475823" label "tags=user_rule" label "descr=allow Print from WLAN"
pass  in  quick  on $LAN inet proto { tcp udp }  from 192.168.2.254 to $Drucker ridentifier 1737476988 keep state label "id=1737476988" label "tags=user_rule" label "descr=allow Print from WLAN"
pass  in log  quick  on $LAN inet from $LAN__NETWORK to $sfi_web ridentifier 1641986007 keep state label "id=1641986007" label "tags=user_rule" label "descr=LOG LAN 2 WEB wegen Portscan"
# NOTE(review): the label "4DEL" suggests this rule was marked for deletion,
# but it is still active: ICMP echo request from any source to any
# destination on LAN.
pass  in  quick  on $LAN inet proto icmp  from any to any icmp-type echoreq ridentifier 1648044249 keep state label "id=1648044249" label "tags=user_rule" label "descr=4DEL"
# `><` is a range excluding its boundaries: 136 >< 140 means ports 137-139.
pass  in  quick  on $LAN inet proto udp  from 192.168.160.2 to $OPT7__NETWORK port 136 >< 140 ridentifier 1636468863 keep state label "id=1636468863" label "tags=user_rule" label "descr=Allow 137,138, 139 udp from sfi-av"
pass  in  quick  on $LAN inet proto tcp  from 192.168.160.2 to $OPT7__NETWORK port 139 ridentifier 1636469042 flags S/SA keep state label "id=1636469042" label "tags=user_rule" label "descr=Allow 139 tcp from sfi-av"
# 134 >< 140 means ports 135-139. Unlike the SMB block below, not logged.
block  in  quick  on $LAN inet proto { tcp udp }  from any to any port 134 >< 140 ridentifier 1426092662 label "id=1426092662" label "tags=user_rule" label "descr=drop any Netbios"
block  in  quick  on $LAN inet6 proto { tcp udp }  from any to any port 134 >< 140 ridentifier 1426092662 label "id=1426092662" label "tags=user_rule" label "descr=drop any Netbios"
pass  in log  quick  on $LAN inet proto tcp  from 192.168.160.2 to $OPT7__NETWORK port 445 ridentifier 1636468950 flags S/SA keep state label "id=1636468950" label "tags=user_rule" label "descr=allow 445 tcp from sfi-AV"
block  in log  quick  on $LAN inet proto { tcp udp }  from any to any port 445 ridentifier 1426092663 label "id=1426092663" label "tags=user_rule" label "descr=drop any SAMBA"
block  in log  quick  on $LAN inet6 proto { tcp udp }  from any to any port 445 ridentifier 1426092663 label "id=1426092663" label "tags=user_rule" label "descr=drop any SAMBA"
# NOTE(review): this rule sits on the LAN interface but its source is
# $OPT7__NETWORK (192.168.1.0/24, the SFIDMZ network per the table
# definitions). A packet with that source arriving on LAN is what the
# antispoof rule for $SFIDMZ is meant to drop; antispoof is not `quick`
# here, so this quick pass overrides it. Confirm whether the rule belongs on
# the SFIDMZ interface instead.
pass  in  quick  on $LAN inet proto udp  from $OPT7__NETWORK to any port 123 ridentifier 1504270734 keep state label "id=1504270734" label "tags=user_rule" label "descr=allow NTP from SFiDMZ"
pass  in  quick  on $LAN inet proto udp  from $LAN__NETWORK to any port 123 ridentifier 1426092659 keep state label "id=1426092659" label "tags=user_rule" label "descr=allow NTP From LAN"
pass  in  quick  on $LAN inet proto tcp  from 192.168.160.7 to 195.30.249.98 port 25 ridentifier 1558727862 flags S/SA keep state label "id=1558727862" label "tags=user_rule" label "descr=Allow SMTP from SFSOGo to mail.sf.com(SPACENET)"
pass  in  quick  on $LAN inet proto tcp  from 192.168.129.125 to 192.168.160.7 port 25 ridentifier 1426092657 flags S/SA keep state label "id=1426092657" label "tags=user_rule" label "descr=NAT force SMTP from scanner over local MTA to sfsogo"
pass  in  quick  on $LAN inet proto tcp  from $OPT8__NETWORK to 192.168.160.7 port 25 ridentifier 1759417132 flags S/SA keep state label "id=1759417132" label "tags=user_rule" label "descr=allow SMTP from itmgmtnet"
# Allowed paths to $ITMgmtSrv (AV ports, RDP from $grpITMgmtAllowed), placed
# before the block that follows them.
pass  in  quick  on $LAN inet proto tcp  from $AVSrv to $ITMgmtSrv port $AVPorts ridentifier 1665413791 flags S/SA keep state label "id=1665413791" label "tags=user_rule" label "descr=Allow AV from AVSrv to ITMgmtSrv"
pass  in  quick  on $LAN inet proto tcp  from $grpITMgmtAllowed to $ITMgmtSrv port 3389 ridentifier 1665412399 flags S/SA keep state label "id=1665412399" label "tags=user_rule" label "descr=Allow RDP from grpITMgmtAllowed to ITMgmtSrv"
pass  in  quick  on $LAN inet proto tcp  from $OPSISrv to $OPT8__NETWORK port 4441 ridentifier 1672092270 flags S/SA keep state label "id=1672092270" label "tags=user_rule" label "descr=Allow OPSIin from OpsiSrv to SFITMgmnt Net"
pass  in  quick  on $LAN inet proto tcp  from $OPSISrv to $WLANIPs port 4441 ridentifier 1735223801 flags S/SA keep state label "id=1735223801" label "tags=user_rule" label "descr=Allow OPSIin from OpsiSrv to SFWLAN Net"
# destination address is empty - Allow ProxmoxWEBLogin from SFLan
# NOTE(review): the line above appears to stand in for a configured rule that
# was not emitted because its destination resolved to nothing (presumably an
# empty or unresolved alias - confirm). The rule is therefore not in effect;
# fix the alias or delete the rule so configuration and ruleset agree.
# NOTE(review): labelled "block everything", but the rule is `proto tcp`
# only. UDP and ICMP to $ITMgmtSrv from $LAN__NETWORK are admitted by rule
# 1747158533 directly below, and TCP 443 by rule 1664966473 near the top of
# this section. Drop `proto tcp` here if the intent is to block all protocols.
block  in  quick  on $LAN inet proto tcp  from any to $ITMgmtSrv ridentifier 1665413693 flags S/SA label "id=1665413693" label "tags=user_rule" label "descr=block everything to ITMgmtSrv"
# LAN sources may reach any IPv4 destination not blocked above, including the
# other internal networks and the firewall itself. Not logged.
pass  in  quick  on $LAN inet from $LAN__NETWORK to any ridentifier 1747158533 keep state label "id=1747158533" label "tags=user_rule" label "descr=LAN -> Allow Everywhere Private AND Public Network"
block  in log  quick  on $LAN inet6 from any to any ridentifier 1426092665 label "id=1426092665" label "tags=user_rule" label "descr=block all other LAN IPv6"
# Logged catch-all: what reaches this rule is IPv4 arriving on LAN with a
# source outside $LAN__NETWORK that no earlier rule accepted.
block  in log  quick  on $LAN inet from any to any ridentifier 1752648096 label "id=1752648096" label "tags=user_rule" label "descr=block all other LAN IPv4"

# Rules for SF10GNET
# Interface ix0, network 192.168.3.0/24 per the table definitions; the labels
# call it the SFBackup net. All rules are `quick`; none of them logs.
pass  in  quick  on $SF10GNET inet proto tcp  from 192.168.3.253 to 192.168.130.109 port 8080 ridentifier 1775472621 flags S/SA keep state label "id=1775472621" label "tags=user_rule" label "descr=allow Unifi Network to PC Felipe"
pass  in  quick  on $SF10GNET inet proto udp  from $OPT1__NETWORK to 192.168.160.1 port 123 ridentifier 1775472664 keep state label "id=1775472664" label "tags=user_rule" label "descr=ntp anfragen von SFBackup Subnet erlauben"
# NOTE(review): the label says "2 LAN Net", but the destination is `any`.
pass  in  quick  on $SF10GNET inet proto icmp  from any to any icmp-type { echorep,echoreq } ridentifier 1775472688 keep state label "id=1775472688" label "tags=user_rule" label "descr=Allow Ping 2 LAN Net"
pass  in  quick  on $SF10GNET inet proto { tcp udp }  from any to 192.168.129.119 port 53 ridentifier 1775472706 keep state label "id=1775472706" label "tags=user_rule" label "descr=Allow DNS für jeden"
# NOTE(review): `from any to any` on ports 80 and 443 covers not only the
# Internet but also every internal network and the firewall's own addresses
# (WebGUI, if it listens on this interface - confirm). For a backup network,
# consider excluding internal destinations or limiting these rules to the
# hosts that need updates. Source `any` also leaves antispoof ineffective
# for these ports, since antispoof is not `quick` in this ruleset.
pass  in  quick  on $SF10GNET inet proto tcp  from any to any port 80 ridentifier 1775472724 flags S/SA keep state label "id=1775472724" label "tags=user_rule" label "descr=Allow HTTP to everywhere"
pass  in  quick  on $SF10GNET inet proto tcp  from any to any port 443 ridentifier 1775472735 flags S/SA keep state label "id=1775472735" label "tags=user_rule" label "descr=Allow HTTPs to everywhere"
pass  in  quick  on $SF10GNET inet proto tcp  from $OPT1__NETWORK to 192.168.160.7 port 25 ridentifier 1775472787 flags S/SA keep state label "id=1775472787" label "tags=user_rule" label "descr=allow Mail 25"
# Catch-all without `log`: denied traffic from this network leaves no trace
# in the filter log, unlike the WAN and LAN catch-alls. The inet6 line is
# shadowed by the quick "Block all IPv6" rule earlier in this file.
block  in  quick  on $SF10GNET inet from any to any ridentifier 1775472897 label "id=1775472897" label "tags=user_rule" label "descr=DROP REST SFBACKUP"
block  in  quick  on $SF10GNET inet6 from any to any ridentifier 1775472897 label "id=1775472897" label "tags=user_rule" label "descr=DROP REST SFBACKUP"

# Rules for SFIDMZ
block  in log  quick  on $SFIDMZ inet proto { tcp udp }  from $OPT7__NETWORK to 193.97.129.89 port 1194 ridentifier 1672825284 label "id=1672825284" label "tags=user_rule" label "descr=Block intern OpenVPN Clients USER*PW+CertFile_Yubi"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from $OPT7__NETWORK to 192.168.129.119 port 53 ridentifier 1664882077 keep state label "id=1664882077" label "tags=user_rule" label "descr=dns anfragen erlauben iDMZ"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.1 to $sfi_texas port 22 ridentifier 1664881581 flags S/SA keep state label "id=1664881581" label "tags=user_rule" label "descr=FEBx9 allow sfi-smb4ext ssh zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto icmp  from $IPiDMZatSFAllowedtoSchmalz to $IPATSchmalzAllowedFromSF icmp-type echoreq ridentifier 1752505351 keep state label "id=1752505351" label "tags=user_rule" label "descr=allow PING from allowed SF to Allowed Schmalz"
block  in  quick  on $SFIDMZ inet proto icmp  from any to $IPATSchmalzAllowedFromSF icmp-type echoreq ridentifier 1752649573 label "id=1752649573" label "tags=user_rule" label "descr=Block PING from not allowed SF to allowed Schmalz"
pass  in  quick  on $SFIDMZ inet proto icmp  from $OPT7__NETWORK to any icmp-type echoreq ridentifier 1664886019 keep state label "id=1664886019" label "tags=user_rule" label "descr=allow PING from iDMZ to Everywhere"
pass  in  quick  on $SFIDMZ inet proto tcp  from $IPiDMZatSFAllowedtoSchmalz to $IPATSchmalzAllowedFromSF port 3389 ridentifier 1752650016 flags S/SA keep state label "id=1752650016" label "tags=user_rule" label "descr=allow RDP from allowed SF to allowed Schmalz"
block  in  quick  on $SFIDMZ inet proto tcp  from any to $IPATSchmalzAllowedFromSF port 3389 ridentifier 1752650077 flags S/SA label "id=1752650077" label "tags=user_rule" label "descr=Block RDP from not allowed SF to allowed Schmalz"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.1 to $sfi_texas port 111 ridentifier 1664881659 flags S/SA keep state label "id=1664881659" label "tags=user_rule" label "descr=FEBx9 allow sfi-smb4ext NFS zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.1 to $sfi_texas port 2049 ridentifier 1664881731 flags S/SA keep state label "id=1664881731" label "tags=user_rule" label "descr=FEBx9 allow sfi-smb4ext  NFSv4 zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.13 to 192.168.130.216 ridentifier 1664882298 flags S/SA keep state label "id=1664882298" label "tags=user_rule" label "descr=allow all from sf-sap-wt1202 to navigate from iDMZ"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.13 to 192.168.160.16 port 7788 ridentifier 1664882764 flags S/SA keep state label "id=1664882764" label "tags=user_rule" label "descr=allow sf-sap-wt1202 zu creolic"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.13 to 192.168.160.16 port 49247 ridentifier 1664882709 flags S/SA keep state label "id=1664882709" label "tags=user_rule" label "descr=allow sf-sap-wt1202 zu creolic"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.19 to 192.168.129.59 port 8081 ridentifier 1664882121 flags S/SA keep state label "id=1664882121" label "tags=user_rule" label "descr=allow from sf-sap-wt102 to ep-wtpot-w7 8081"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.31 to 192.168.160.1 port 445 ridentifier 1690290771 flags S/SA keep state label "id=1690290771" label "tags=user_rule" label "descr=FEBx10 allow twx-lz-test CIFS zu sfi-samba4"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.42 to 192.168.130.133 port 26999 >< 27010 ridentifier 1664882567 keep state label "id=1664882567" label "tags=user_rule" label "descr=PTCLizMgr von lorenz-integ zu sf-integ-prod Port 1"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.42 to 192.168.130.133 port 41978 ridentifier 1664882665 keep state label "id=1664882665" label "tags=user_rule" label "descr=PTCLizMgr von lorenz-integ zu sf-integ-prod Port 2"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.64 to 192.168.130.187 port 22 ridentifier 1664883867 flags S/SA keep state label "id=1664883867" label "tags=user_rule" label "descr=allow ssh from lorenz-clientwin7 to lorenz-s4p-dev"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.64 to 192.168.130.185 port 8443 ridentifier 1664883992 keep state label "id=1664883992" label "tags=user_rule" label "descr=Tomcat von lorenz-clientw7 zu lorenz-twx-dev Port"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.66 to $sfi_nas port 111 ridentifier 1664884066 flags S/SA keep state label "id=1664884066" label "tags=user_rule" label "descr=FEBx7 allow sfi-svn03 NFS zu sfi-nas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.66 to $sfi_nas port 624 ridentifier 1664884129 flags S/SA keep state label "id=1664884129" label "tags=user_rule" label "descr=FEBx7 allow sfi-svn03 NFS zu sfi-nas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.66 to $sfi_nas port 2049 ridentifier 1664884210 flags S/SA keep state label "id=1664884210" label "tags=user_rule" label "descr=FEBx7 allow sfi-svn03 NFS zu sfi-nas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to 192.168.160.201 port 111 ridentifier 1752219903 flags S/SA keep state label "id=1752219903" label "tags=user_rule" label "descr=FEBx9 allow prox-idmz-01 NFS zu QNAP"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to 192.168.1.1 port 389 ridentifier 1764064145 flags S/SA keep state label "id=1764064145" label "tags=user_rule" label "descr=FEBx9 allow prox-idmz-01 LDAP to extern1"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to 192.168.1.1 port 636 ridentifier 1764064238 flags S/SA keep state label "id=1764064238" label "tags=user_rule" label "descr=FEBx9 allow prox-idmz-01 LDAPs to extern1"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to 192.168.160.201 port 2049 ridentifier 1752219944 flags S/SA keep state label "id=1752219944" label "tags=user_rule" label "descr=FEBx9 allow prox-idmz-01 NFS zu QNAP"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from $sf_sprung_CAD_kisten to 5.102.189.15 port 1194 ridentifier 1701434150 keep state label "id=1701434150" label "tags=user_rule" label "descr=Allow VPN from sf-sprung-cadx to trevit talis"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.160 to 192.168.130.133 ridentifier 1727702861 keep state label "id=1727702861" label "tags=user_rule" label "descr=PTCLizMgr von sf-rvs-125 zu sf-integ-prod Port 2"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.160 to 192.168.130.136 ridentifier 1727699611 keep state label "id=1727699611" label "tags=user_rule" label "descr=PTCLizMgr von sf-rvs-125 zu sf-integ-data Port 2"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.160 to 192.168.160.1 port 389 ridentifier 1727700207 keep state label "id=1727700207" label "tags=user_rule" label "descr=LPAP von sf-rvs-125 zu 192.168.160.1"
pass  in  quick  on $SFIDMZ inet proto udp  from $sf_sprung_se_Kisten to any port $BarracudaVPNUDP ridentifier 1666774833 keep state label "id=1666774833" label "tags=user_rule" label "descr=Allow Barracuda VPN UDP from sf_sprung_se_Kisten"
pass  in  quick  on $SFIDMZ inet proto tcp  from $sf_sprung_se_Kisten to any port $BarracudaVPNTCP ridentifier 1666774783 flags S/SA keep state label "id=1666774783" label "tags=user_rule" label "descr=Allow Barracuda VPN TCP fromsf_sprung_se_Kisten"
pass  in  quick  on $SFIDMZ inet proto gre  from $sf_sprung_se_Kisten to any ridentifier 1666775189 keep state label "id=1666775189" label "tags=user_rule" label "descr=Allow Barracuda VPN GRE from sf_sprung_se_Kisten"
pass  in  quick  on $SFIDMZ inet proto esp  from $sf_sprung_se_Kisten to any ridentifier 1664884661 keep state label "id=1664884661" label "tags=user_rule" label "descr=L2TP ESP from sfi-sprung-w10"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to $sfi_texas port 22 ridentifier 1664884755 flags S/SA keep state label "id=1664884755" label "tags=user_rule" label "descr=FEBx10 allow proxmox-idmz-01 ssh zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to $sfi_texas port 111 ridentifier 1664884808 flags S/SA keep state label "id=1664884808" label "tags=user_rule" label "descr=FEBx10 allow proxmox-idmz-01 NFS zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to $sfi_texas port 624 ridentifier 1664885040 flags S/SA keep state label "id=1664885040" label "tags=user_rule" label "descr=FEBx10 allow proxmox-idmz-01 NFS zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to $sfi_texas port 2049 ridentifier 1664885086 flags S/SA keep state label "id=1664885086" label "tags=user_rule" label "descr=FEBx10 allow proxmox-idmz-01 NFSv4 zu sfi-texas"
pass  in  quick  on $SFIDMZ inet proto tcp  from 192.168.1.100 to $Prox_Backup port 8007 ridentifier 1664885139 flags S/SA keep state label "id=1664885139" label "tags=user_rule" label "descr=FEBx10 allow proxmox-idmz-01 zu proxmox-backup"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.125 to 192.168.130.136 port 27000 ridentifier 1664883171 keep state label "id=1664883171" label "tags=user_rule" label "descr=PTCLizMgr von itq-rvs zu sf-integ-prod Port 1"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from 192.168.1.125 to 192.168.130.136 port 49178 ridentifier 1664883813 keep state label "id=1664883813" label "tags=user_rule" label "descr=PTCLizMgr von itq-rvs zu sf-integ-data Port 2"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from any to any port 1688 ridentifier 1696409220 keep state label "id=1696409220" label "tags=user_rule" label "descr=Office/Windows Activation Server KMS"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from $OPT7__NETWORK to $LAN__NETWORK port 21 ridentifier 1664885252 keep state label "id=1664885252" label "tags=user_rule" label "descr=allow FTP from iDMZ to LAN"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.129.28 port 9100 >< 9104 ridentifier 1664885879 flags S/SA keep state label "id=1664885879" label "tags=user_rule" label "descr=iDMZ Net to Bacula"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to $OPSISrv port 139 ridentifier 1664885641 flags S/SA keep state label "id=1664885641" label "tags=user_rule" label "descr=allow OPSI 139"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to $OPSISrv port 445 ridentifier 1664885595 flags S/SA keep state label "id=1664885595" label "tags=user_rule" label "descr=allow OPSI 445"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to $OPSISrv port 4447 ridentifier 1664885688 flags S/SA keep state label "id=1664885688" label "tags=user_rule" label "descr=allow OPSI 4447"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to $OPSISrv port 4441 ridentifier 1664885551 flags S/SA keep state label "id=1664885551" label "tags=user_rule" label "descr=allow OPSI 4441"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.130.136 port 445 ridentifier 1664885407 flags S/SA keep state label "id=1664885407" label "tags=user_rule" label "descr=allow shares from 130.136 Port 1 von 2"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.130.136 port 1433 ridentifier 1664885458 flags S/SA keep state label "id=1664885458" label "tags=user_rule" label "descr=allow SQL Database on sf-integ-data"
pass  in  quick  on $SFIDMZ inet proto udp  from $OPT7__NETWORK to 192.168.160.1 port 123 ridentifier 1664885355 keep state label "id=1664885355" label "tags=user_rule" label "descr=ntp anfragen von intDMZ erlauben"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.160.2 port 7074 ridentifier 1664885738 flags S/SA keep state label "id=1664885738" label "tags=user_rule" label "descr=SV AV Konsole transfer"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.160.2 port 8080 ridentifier 1664885786 flags S/SA keep state label "id=1664885786" label "tags=user_rule" label "descr=SV AV Konsole transfer"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.160.2 port 8443 ridentifier 1664885829 flags S/SA keep state label "id=1664885829" label "tags=user_rule" label "descr=SV AV Konsole transfer"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from $OPT7__NETWORK to 192.168.160.7 port 25 ridentifier 1664885304 keep state label "id=1664885304" label "tags=user_rule" label "descr=sfidmz darf mailen"
pass  in  quick  on $SFIDMZ inet proto { tcp udp }  from $OPT7__NETWORK to 192.168.160.7 port 587 ridentifier 1763382893 keep state label "id=1763382893" label "tags=user_rule" label "descr=sfidmz darf secure 587 mailen"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to 192.168.130.136 port 49206 ridentifier 1664885925 flags S/SA keep state label "id=1664885925" label "tags=user_rule" label "descr=allow Licence from sf-integ-data"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to any port 80 ridentifier 1664885966 flags S/SA keep state label "id=1664885966" label "tags=user_rule" label "descr=allow HTTP from iDMZ to Everywhere"
pass  in  quick  on $SFIDMZ inet proto tcp  from $OPT7__NETWORK to any port 443 ridentifier 1664886056 flags S/SA keep state label "id=1664886056" label "tags=user_rule" label "descr=allow HTTPs from iDMZ to Everywhere"
pass  in  quick  on $SFIDMZ inet proto udp  from $OPT7__NETWORK to any port 4501 ridentifier 1697119520 keep state label "id=1697119520" label "tags=user_rule" label "descr=allow udp Used for IPSec tunnel connections between Gl..."
block  in log  quick  on $SFIDMZ inet from $OPT7__NETWORK to $LAN__NETWORK ridentifier 1664886107 label "id=1664886107" label "tags=user_rule" label "descr=block all iDMZ to LAN"
block  in log  quick  on $SFIDMZ inet6 from $OPT7__NETWORK to $LAN__NETWORK ridentifier 1664886107 label "id=1664886107" label "tags=user_rule" label "descr=block all iDMZ to LAN"
block  in log  quick  on $SFIDMZ inet from any to any ridentifier 1664886171 label "id=1664886171" label "tags=user_rule" label "descr=block all other"
block  in log  quick  on $SFIDMZ inet6 from any to any ridentifier 1664886171 label "id=1664886171" label "tags=user_rule" label "descr=block all other"

# Rules for SFITMGMNT
# Inbound policy for the IT-management VLAN ($SFITMGMNT). Every rule below is
# `quick`, so the first rule that matches a packet decides its fate and the
# order of the rules is significant.
#
# NOTE(review): the first rule filters on source 192.168.128.0/18 rather than
# $OPT8__NETWORK, so it only matches packets that arrive on this interface with
# a source address inside that /18. Traffic from $OPT8__NETWORK hosts to
# 193.97.129.89:1194 is not matched here and falls through to the rules below.
# Confirm the source is what was intended.
block  in log  quick  on $SFITMGMNT inet proto { tcp udp }  from 192.168.128.0/18 to 193.97.129.89 port 1194 ridentifier 1672825310 label "id=1672825310" label "tags=user_rule" label "descr=Block intern OpenVPN Clients USER*PW+CertFile_Yubi"
# OPSI access (TCP 139, 445, 4441, 4447) to a literal address.
# NOTE(review): the SFIDMZ rules use the $OPSISrv alias for the same ports;
# presumably this is the same host - verify, and prefer the alias so both
# sections stay in sync.
pass  in  quick  on $SFITMGMNT inet proto tcp  from $OPT8__NETWORK to 192.168.129.170 port 139 ridentifier 1672087678 flags S/SA keep state label "id=1672087678" label "tags=user_rule" label "descr=allow OPSI 139"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $OPT8__NETWORK to 192.168.129.170 port 445 ridentifier 1672087739 flags S/SA keep state label "id=1672087739" label "tags=user_rule" label "descr=allow OPSI 445"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $OPT8__NETWORK to 192.168.129.170 port 4441 ridentifier 1672087759 flags S/SA keep state label "id=1672087759" label "tags=user_rule" label "descr=allow OPSI 4441"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $OPT8__NETWORK to 192.168.129.170 port 4447 ridentifier 1672087776 flags S/SA keep state label "id=1672087776" label "tags=user_rule" label "descr=allow OPSI 4447"
# NTP (UDP 123) and SMTP (TCP 25) to fixed internal servers.
pass  in  quick  on $SFITMGMNT inet proto udp  from $OPT8__NETWORK to 192.168.160.1 port 123 ridentifier 1672915413 keep state label "id=1672915413" label "tags=user_rule" label "descr=ntp anfragen von itmgmt erlauben"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $OPT8__NETWORK to 192.168.160.7 port 25 ridentifier 1672914701 flags S/SA keep state label "id=1672914701" label "tags=user_rule" label "descr=allow Mail 25"
# NOTE(review): the label says "Ping 2 LAN Net", but the rule passes ICMP echo
# request and echo reply from any source to any destination, which is wider
# than the description. Consider limiting the source to $OPT8__NETWORK and the
# destination to the intended network.
pass  in  quick  on $SFITMGMNT inet proto icmp  from any to any icmp-type { echorep,echoreq } ridentifier 1665065012 keep state label "id=1665065012" label "tags=user_rule" label "descr=Allow Ping 2 LAN Net"
# NOTE(review): the next three rules use source `any` instead of
# $OPT8__NETWORK, so source validation on this interface depends on
# anti-spoofing rules elsewhere in the ruleset (not visible here). The HTTP and
# HTTPS rules also use destination `any`, which includes the other internal
# networks as well as external hosts.
pass  in  quick  on $SFITMGMNT inet proto { tcp udp }  from any to 192.168.129.119 port 53 ridentifier 1665060355 keep state label "id=1665060355" label "tags=user_rule" label "descr=Allow DNS für jeden"
pass  in  quick  on $SFITMGMNT inet proto tcp  from any to any port 80 ridentifier 1665060215 flags S/SA keep state label "id=1665060215" label "tags=user_rule" label "descr=Allow HTTP to everywhere"
pass  in  quick  on $SFITMGMNT inet proto tcp  from any to any port 443 ridentifier 1665060229 flags S/SA keep state label "id=1665060229" label "tags=user_rule" label "descr=Allow HTTPs to everywhere"
# NOTE(review): no port restriction - every TCP and UDP port from $ITMgmtSrv to
# $SambaSrv is passed. The rule after it shows the narrower pattern (a port
# alias); consider the same here.
pass  in  quick  on $SFITMGMNT inet proto { tcp udp }  from $ITMgmtSrv to $SambaSrv ridentifier 1665067469 keep state label "id=1665067469" label "tags=user_rule" label "descr=Allow TCP+UPD with SambaSrv"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $ITMgmtSrv to $AVSrv port $AVPorts ridentifier 1665060942 flags S/SA keep state label "id=1665060942" label "tags=user_rule" label "descr=Allow TCP with AVSrv"
# NFS-related ports (TCP 111, 624, 2049) from $prox_itmgmt to $sfi_texas.
pass  in  quick  on $SFITMGMNT inet proto tcp  from $prox_itmgmt to $sfi_texas port 111 ridentifier 1766501267 flags S/SA keep state label "id=1766501267" label "tags=user_rule" label "descr=allow sfi-prox_itmgmt NFS zu sfi-texas"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $prox_itmgmt to $sfi_texas port 624 ridentifier 1766501299 flags S/SA keep state label "id=1766501299" label "tags=user_rule" label "descr=allow sfi-prox_itmgmt NFS zu sfi-texas"
pass  in  quick  on $SFITMGMNT inet proto tcp  from $prox_itmgmt to $sfi_texas port 2049 ridentifier 1766501365 flags S/SA keep state label "id=1766501365" label "tags=user_rule" label "descr=FEBx9 allow prox_itmgmt NFSv4 zu sfi-texas"
# Explicit deny for everything not passed above, IPv4 and IPv6.
# NOTE(review): unlike the "block all other" rules in the SFIDMZ section, these
# have no `log` keyword, so drops on the management VLAN are not recorded by
# this rule. Consider enabling logging for detection purposes.
block  in  quick  on $SFITMGMNT inet from any to any ridentifier 1665411959 label "id=1665411959" label "tags=user_rule" label "descr=block all other"
block  in  quick  on $SFITMGMNT inet6 from any to any ridentifier 1665411959 label "id=1665411959" label "tags=user_rule" label "descr=block all other"

# Rules for SFWLAN
# Inbound policy for the WLAN VLAN ($SFWLAN). All rules are `quick`, so the
# first match wins.
#
# NOTE(review): as with the matching rule on $SFITMGMNT, the source is
# 192.168.128.0/18 rather than $OPT9__NETWORK, so hosts addressed from
# $OPT9__NETWORK are not matched by this block rule - confirm the source.
block  in log  quick  on $SFWLAN inet proto { tcp udp }  from 192.168.128.0/18 to 193.97.129.89 port 1194 ridentifier 1736784392 label "id=1736784392" label "tags=user_rule" label "descr=Block intern OpenVPN Clients USER*PW+CertFile_Yubi"
# NOTE(review): the next two rules pass ALL inbound IPv4 and IPv6 traffic on
# this interface, from any source to any destination, including the other
# internal networks. The label ("Test mer mal") suggests a temporary test rule.
# If it is no longer needed, disable it and replace it with scoped rules like
# those on the other VLANs.
pass  in  quick  on $SFWLAN inet from any to any ridentifier 1734893296 keep state label "id=1734893296" label "tags=user_rule" label "descr=Test mer mal"
pass  in  quick  on $SFWLAN inet6 from any to any ridentifier 1734893296 keep state label "id=1734893296" label "tags=user_rule" label "descr=Test mer mal"
# NOTE(review): these two block rules can never match while the pass-all rules
# above are present, because those are `quick` and match every packet first.
# They also carry no `log` keyword.
block  in  quick  on $SFWLAN inet from any to any ridentifier 1734941732 label "id=1734941732" label "tags=user_rule" label "descr=Test mer mal"
block  in  quick  on $SFWLAN inet6 from any to any ridentifier 1734941732 label "id=1734941732" label "tags=user_rule" label "descr=Test mer mal"

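# NOTE(review): the four rules named below were not generated, because they are
# bound to interface key "opt10", which is not in the list of configured
# interfaces. Two of them are anti-lockout rules and one is a catch-all block
# ("alle anderen blockieren"). Confirm in the firewall configuration whether
# they are stale and can be deleted, or whether the interface assignment needs
# to be restored.
# array key "opt10" does not exist for "ifaceLaptop to ifaceManagement 443 (Anti-Lockout)" in array: {WAN LAN SF10GNET SFIDMZ SFITMGMNT SFWLAN SFEOLSRV IPsec OpenVPN }
# array key "opt10" does not exist for "ifaceLaptop to ifaceManagement 22 (Anti-Lockout)" in array: {WAN LAN SF10GNET SFIDMZ SFITMGMNT SFWLAN SFEOLSRV IPsec OpenVPN }
# array key "opt10" does not exist for "Management zu allen VLANs" in array: {WAN LAN SF10GNET SFIDMZ SFITMGMNT SFWLAN SFEOLSRV IPsec OpenVPN }
# array key "opt10" does not exist for "alle anderen blockieren" in array: {WAN LAN SF10GNET SFIDMZ SFITMGMNT SFWLAN SFEOLSRV IPsec OpenVPN }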

# Rules for SFEOLSRV
# Inbound policy for the EOL-server VLAN ($SFEOLSRV). All rules are `quick`,
# so the first match wins.
#
# source address is empty - Block OpenVPN from SFEOLSrv LAN
# NOTE(review): the line above is a generator message, not a rule. The rule
# named "Block OpenVPN from SFEOLSrv LAN" was not emitted because its source
# resolved to nothing, so the explicit OpenVPN block that exists on $SFITMGMNT
# and $SFWLAN is absent on this interface. Fix the rule's source in the
# firewall configuration.
#
# DNS (TCP/UDP 53) and NTP (UDP 123) to fixed internal servers.
pass  in  quick  on $SFEOLSRV inet proto { tcp udp }  from $OPT11__NETWORK to 192.168.129.119 port 53 ridentifier 1765903838 keep state label "id=1765903838" label "tags=user_rule" label "descr=allow DNS to SF from EOLSRV Netz"
pass  in  quick  on $SFEOLSRV inet proto udp  from $OPT11__NETWORK to 192.168.160.1 port 123 ridentifier 1765903879 keep state label "id=1765903879" label "tags=user_rule" label "descr=allow NTP to sfi-samba4 from EOLSrv Netz"
# LDAP on TCP 389 from 192.168.4.101 to two directory hosts.
# NOTE(review): port 389 carries LDAP without TLS unless the client uses
# StartTLS. The SFIDMZ section also opens 636 (LDAPS) for its client; check
# whether binds from this end-of-life segment can use an encrypted transport.
pass  in  quick  on $SFEOLSRV inet proto tcp  from 192.168.4.101 to 192.168.160.1 port 389 ridentifier 1769004244 flags S/SA keep state label "id=1769004244" label "tags=user_rule" label "descr=FEBx9 allow proxeolSrv LDAP t"
pass  in  quick  on $SFEOLSRV inet proto tcp  from 192.168.4.101 to 192.168.160.11 port 389 ridentifier 1769004316 flags S/SA keep state label "id=1769004316" label "tags=user_rule" label "descr=FEBx9 allow proxeolSrv LDAP t"
# NFS-related ports (TCP 111, 2049) from 192.168.4.101 to $sfi_texas.
pass  in  quick  on $SFEOLSRV inet proto tcp  from 192.168.4.101 to $sfi_texas port 111 ridentifier 1768921232 flags S/SA keep state label "id=1768921232" label "tags=user_rule" label "descr=allow prox-eolsrv NFS zu sfi-texas"
pass  in  quick  on $SFEOLSRV inet proto tcp  from 192.168.4.101 to $sfi_texas port 2049 ridentifier 1768921248 flags S/SA keep state label "id=1768921248" label "tags=user_rule" label "descr=FEBx9 allow prox-eolsrv NFSv4 zu sfi-texas"
# NOTE(review): destination is `any`, so HTTP and HTTPS from this segment are
# passed to every network, including the other internal VLANs, although the
# labels read "to SF". Narrow the destination if only specific hosts (for
# example package mirrors) are needed.
pass  in  quick  on $SFEOLSRV inet proto tcp  from $OPT11__NETWORK to any port 80 ridentifier 1765903932 flags S/SA keep state label "id=1765903932" label "tags=user_rule" label "descr=allow HTTP to SF from EOLSrv Netz (auch apt)"
pass  in  quick  on $SFEOLSRV inet proto tcp  from $OPT11__NETWORK to any port 443 ridentifier 1765903956 flags S/SA keep state label "id=1765903956" label "tags=user_rule" label "descr=allow HTTPs to SF from EOLSrv Netz"
# ICMP echo request and echo reply from the segment to any destination.
pass  in  quick  on $SFEOLSRV inet proto icmp  from $OPT11__NETWORK to any icmp-type { echorep,echoreq } ridentifier 1765904066 keep state label "id=1765904066" label "tags=user_rule" label "descr=Allow Ping from EOLSrv Net"
# NOTE(review): despite the label "block everything else", this rule matches
# only IPv4 TCP connection attempts (proto tcp, flags S/SA). UDP, other IP
# protocols and all IPv6 traffic are not matched by any rule in this section
# and are decided by rules elsewhere in the ruleset - presumably a default
# deny; verify. The other VLAN sections end with protocol-independent inet and
# inet6 block rules; the same here, with `log`, would make the policy explicit
# and visible.
block  in  quick  on $SFEOLSRV inet proto tcp  from any to any ridentifier 1768920686 flags S/SA label "id=1768920686" label "tags=user_rule" label "descr=block everything else"

#############################
# Rules for the IPsec service
#############################
# Generated rules for one site-to-site IPsec tunnel with peer 185.169.78.2.
# Each protocol gets an outbound and an inbound rule, both limited to traffic
# between the firewall itself, written as (self), and that single peer:
#   - UDP 500  (IKE)
#   - UDP 4500 (IPsec NAT traversal)
#   - ESP      (the encrypted tunnel payload)
# Outbound rules use route-to and inbound rules use reply-to, pinning the
# tunnel traffic to gateway 193.97.129.90 on lagg0.4090.
# NOTE(review): these rules have no `quick` keyword, so pf's
# last-matching-rule semantics apply to them. Whether a later rule overrides
# them depends on parts of the ruleset not visible here.
pass out   route-to ( lagg0.4090 193.97.129.90 )  proto udp from (self) to 185.169.78.2 port = 500 ridentifier 1000110451 keep state  label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - outbound ..."
pass in  on $WAN  reply-to ( lagg0.4090 193.97.129.90 )  proto udp from 185.169.78.2 to (self) port = 500 ridentifier 1000110452 keep state label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - inbound i..."
pass out   route-to ( lagg0.4090 193.97.129.90 )  proto udp from (self) to 185.169.78.2 port = 4500 ridentifier 1000110453 keep state  label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - outbound ..."
pass in  on $WAN  reply-to ( lagg0.4090 193.97.129.90 )  proto udp from 185.169.78.2 to (self) port = 4500 ridentifier 1000110454 keep state label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - inbound n..."
pass out   route-to ( lagg0.4090 193.97.129.90 )  proto esp from (self) to 185.169.78.2 ridentifier 1000110455 keep state  label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - outbound ..."
pass in  on $WAN  reply-to ( lagg0.4090 193.97.129.90 )  proto esp from 185.169.78.2 to (self) ridentifier 1000110456 keep state label "descr=IPsec: Site-to-site IPsec to Schmalz Phase - inbound e..."

##################################
# Rules for the TFTP Proxy service
##################################
# Evaluates whatever rules are loaded into the sub-anchors of "tftp-proxy" at
# this point in the ruleset. Those rules are inserted at runtime and do not
# appear in this file, so a review of the static ruleset does not cover them.
# The live contents can be listed with: pfctl -a "tftp-proxy/*" -sr
anchor "tftp-proxy/*"
