Anchor example main ruleset block in on $int_if all anchor authpf in on $int_if from 10.2.0.0/16 pass out on $ext_if from any to any keep state sub-ruleset pass from 10.2.3.4 to any port www keep state pass from 10.2.3.4 to 10.1.1.1 port smtp keep state loading the sub-ruleset with a name $ pfctl -a authpf:10.2.3.4 -f file $ pfctl -a authpf:10.2.3.4 -sr $ pfctl -a authpf -sA