#!/bin/sh
#
# ipfw ruleset for a dual-stack gateway whose external interface is em0.
# IPv4 crossing em0 is handed to an in-kernel NAT instance; IPv6 crossing em0
# is passed as-is. Every other listed interface is treated as trusted.
#
# Rule order is the policy: ipfw evaluates rules by ascending number and
# unnumbered "add" commands are appended after the highest existing rule, so
# the statements below must stay in this sequence.
#
# NOTE(review): no command's exit status is checked and the script always
# ends with "exit 0", so a failed rule load is not reported to the caller.

wan_if="em0"
nat_id=123

# Thin wrappers so each line below reads as a rule rather than a command.
fw() { ipfw -q "$@"; }
rule() { ipfw -q add "$@"; }

# Start from an empty ruleset and empty tables. -q keeps ipfw silent and
# skips the confirmation prompt on flush.
# NOTE(review): until the rules below are loaded, only the kernel's built-in
# default rule applies; whether that is allow or deny depends on how the
# kernel was configured -- confirm it is deny on this host.
fw flush
fw table all flush

# NAT instance bound to the external interface address.
#   same_ports - try to keep the original source port when translating
#   reset      - drop the translation table if the interface address changes
# Inbound port forwards (target first, external port last):
#   tcp 56522 -> xxx.yyy.10.250:22
#   tcp 443   -> aaa.bbb.0.2:443
#   tcp 80    -> aaa.bbb.0.2:80
# NOTE(review): deny_in is not set, so inbound IPv4 that matches no
# translation entry is not dropped by the NAT instance and goes on to the
# "pass ip4" rule below; services listening on the gateway's own em0 address
# are then reachable from outside. Confirm that is intended.
fw nat "$nat_id" config if "$wan_if" same_ports reset \
  redirect_port tcp xxx.yyy.10.250:22 56522 \
  redirect_port tcp aaa.bbb.0.2:443 443 \
  redirect_port tcp aaa.bbb.0.2:80 80

# Loopback: allow everything on lo0, then refuse loopback addresses seen on
# any other interface (anti-spoofing for 127.0.0.0/8 and ::1).
rule pass ip from any to any via lo0
rule deny ip from any to 127.0.0.0/8
rule deny ip from 127.0.0.0/8 to any
rule deny ip from any to ::1
rule deny ip from ::1 to any

# tap1 is only counted, not accepted here; its packets continue down the list.
rule count ip from any to any via tap1

# Trusted interfaces: all traffic is accepted without further inspection.
# NOTE(review): this includes tunnel-type interfaces (tun0, enc0, tap0), so
# whatever arrives through those tunnels is unfiltered -- verify each peer is
# meant to have that level of trust.
for trusted_if in tun0 enc0 em1 tap0 bridge0; do
  rule pass ip from any to any via "$trusted_if"
done

# External interface: split by address family, then drop whatever is left
# (i.e. traffic on any interface not handled above).
rule skipto 10000 ip4 from any to any via "$wan_if"
rule skipto 20000 ip6 from any to any via "$wan_if"
rule deny ip from any to any

# IPv4 on the external interface: translate, then accept.
rule 10000 nat "$nat_id" ip4 from any to any
rule pass ip4 from any to any
rule deny ip from any to any

# IPv6 on the external interface.
# NOTE(review): this accepts all IPv6 in both directions with no state
# tracking, so any host with a routable IPv6 address behind this gateway is
# directly reachable from em0. The logged deny that follows looks
# unreachable, since only ip6 packets are sent to rule 20000 and all of them
# match the pass -- confirm whether a stateful or per-service policy was
# intended here.
rule 20000 pass ip6 from any to any
rule deny log ip from any to any

exit 0