I pick ------------------------------ # match rules match out on egress inet from !(egress:network) to any nat-to (egress:0) ------------------------------- from http://www.openbsd.org/faq/pf/example1.html
But, this match rules don't work . accordin to man pf.conf 10.0.0.0 - 10.255.255.255 (all of net 10, i.e. 10/8) 172.16.0.0 - 172.31.255.255 (i.e. 172.16/12) 192.168.0.0 - 192.168.255.255 (i.e. 192.168/16) nat-to is usually applied outbound. If applied inbound, nat-to to a local IP address is not supported.
