##############################################################################
# pf.conf for mta
##############################################################################

##### Macros
# Interfaces
IFextn="xn1"

##### Tables

table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7 }
table <rfc6890> const { 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 2001:0db8::/32 }
table <rfc6598> const { 100.64.0.0/10 }         # ISP CGN
# need to create /etc/pf.rej (Empty file permitted)
table <reject> persist file "/etc/pf.rej"

##### pf Options
set block-policy drop

##### Normarization
scrub in on $IFextn random-id fragment reassemble
scrub    on $IFextn random-id

##### Filtering ruleset
set skip on lo0

pass all
anchor "blacklistd/*" in on $IFextn