Было как-то так на два провайдера:
#/etc/pf.conf
ifT="vlan413"
ipT="91.214.29.134"
gwT="91.214.29.133"
ifE="vlan2"
ipE="80.84.184.126"
gwE="80.84.184.125"
ifL="vlan100"
# Tables
table <glb_gray> { 10.55.0.0/16 }
table <glb_switches> { 10.55.250.0/24 }
table <glb_all> { 10.55.0.0/16, 224.0.0.0/4, 80.84.187.0/24, 10.0.0.0/8 }
table <rfc_gray> { 10.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16 }
table <uaix> persist file "/etc/uaix.txt"
table <me> const { self }
set limit states 128000
set optimization aggressive
# Nat Outgoing Connections
nat pass on $ifT from <glb_gray> to any -> $ipT
nat pass on $ifE from <glb_gray> to any -> $ipE
# Express IP via Express Channel
pass out quick route-to ($ifE $gwE) inet from ($ifE) to ! <glb_all> flags any keep state
#pass out quick on $ifT route-to ($ifE $gwE) from ($ifE) to ! <glb_all> flags any keep state
# Telza IP via Telza Channel
pass out quick route-to ($ifT $gwT) inet from ($ifT) to ! <glb_all> flags any keep state
#pass out quick on $ifE route-to ($ifT $gwT) from ($ifT) to ! <glb_all> flags any keep state
# UA-IX routing via Telza
pass in quick on $ifL route-to {($ifT $gwT)} from <glb_gray> to <uaix> flags any keep state
# Round Robin Routing
pass in on $ifL route-to { ($ifE $gwE), ($ifT $gwT)} round-robin from <glb_gray> to ! <glb_all> flags any keep state
#pass in quick on $ifL route-to ($ifE $gwE) from <glb_gray> to ! <glb_all> probability 60% keep state
#pass in quick on $ifL route-to ($ifT $gwT) from <glb_gray> to ! <glb_all> probability 40% keep state
# Allow All on LocalHost
set skip on lo
block return in quick on ! lo0 from any to 127.0.0.0/8
block return out quick on ! lo0 from 127.0.0.0/8 to any
# Allow OSPF
pass on $ifL proto ospf from any to any
pass on $ifL proto igmp from any to any
# Deny forwarding grey IP address
block return out quick on $ifE from any to <rfc_gray>
block return in quick on $ifE from <rfc_gray> to any
block return out quick on $ifT from any to <rfc_gray>
block return in quick on $ifT from <rfc_gray> to any
# Deny incoming request to MySQL Serv from Internet
block return in quick on $ifE proto tcp from any to <me> port { 411, 3306 }
block return in quick on $ifT proto tcp from any to <me> port { 411, 3306 }
# Deny incoming TFTP, but switches
block return quick proto udp from ! <glb_switches> to <me> port 69
Извиняйте за буржуйские комменты - уж так я привык.
ЗЫ: да и фря 7я что-то русский язык через mc не принимает
Сделал я подставы свои ip,gw,if и не не фига !
Люди нужна помощь ! за финансовое вознаграждение !
