Thank you, jggimi, for all your help and patience!
Now it's working, but frankly I'm not so sure how.
I'd love it if you could help me understand the following line:
match out on egress inet from !(egress) to any nat-to (egress:0)
The part I do not understand is how !(egress) represents my VR1 interface
and (egress:0) represents my VR0 interface ...
This is the working configuration:
Code:
ext_if = "vr0"
int1_if = "vr1"
#
set block-policy drop
set loginterface $ext_if
set limit { frags 5000, states 10000 }
set state-policy floating
set optimization normal
set ruleset-optimization basic
set timeout interval 10
set timeout frag 30
set skip on lo
#
match out on egress inet from !(egress) to any nat-to (egress:0)
block return #all
antispoof for $ext_if inet
#
pass out quick keep state
pass in quick on $int1_if
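
Added example (not part of the original post and not code from the pf project): a small Python model of how pf evaluates the match rule asked about above. The interface addresses are constructed, and it assumes vr0 holds the default route, which is what puts it in the "egress" group; the first listed address is treated as the non-alias one.

```python
from ipaddress import ip_address

# Constructed interface table (addresses are assumptions, not from the post).
# OpenBSD adds the interface holding the default route to the "egress" group.
INTERFACES = {
    "vr0": {"groups": {"egress"}, "addrs": ["203.0.113.5", "203.0.113.6"]},  # primary, alias
    "vr1": {"groups": set(), "addrs": ["192.168.1.1"]},
}

def members(name):
    """Interfaces called `name` or belonging to the group `name`."""
    return [i for i, d in INTERFACES.items() if i == name or name in d["groups"]]

def addrs_of(name, primary_only=False):
    """Addresses behind (name); the :0 modifier leaves out interface aliases."""
    out = []
    for ifname in members(name):
        addrs = INTERFACES[ifname]["addrs"]
        out += addrs[:1] if primary_only else addrs
    return [ip_address(a) for a in out]

def nat_source(out_if, src):
    """Model of: match out on egress inet from !(egress) to any nat-to (egress:0)
    Returns the source address after translation (unchanged if the rule does not match)."""
    src = ip_address(src)
    if out_if not in members("egress"):   # "out on egress": only traffic leaving via vr0
        return src
    if src.version != 4:                  # "inet": IPv4 only
        return src
    if src in addrs_of("egress"):         # "from !(egress)": skip the firewall's own egress addresses
        return src
    return addrs_of("egress", primary_only=True)[0]  # "nat-to (egress:0)"

if __name__ == "__main__":
    for out_if, src in [("vr0", "192.168.1.10"),   # LAN host going out: translated
                        ("vr0", "203.0.113.5"),    # firewall's own traffic: untouched
                        ("vr0", "203.0.113.6"),    # alias is still an egress address: untouched
                        ("vr1", "198.51.100.7")]:  # leaving on vr1, not egress: untouched
        print(f"out on {out_if} from {src} -> source {nat_source(out_if, src)}")
```

So !(egress) does not name vr1 at all: it means "any source address that is not one of the egress interface's own addresses", which in this setup is the traffic arriving from hosts behind vr1.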