default:
 set log phase chat lcp ipcp ccp tun
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" ATE0Q0 OK \\dATDT\\T TIMEOUT 60 CONNECT"

 set device /dev/cuaa0
 set speed 115200
 set login
 set redial 3 3
 set reconnect 3 3
 enable lqr
 set lqrperiod 30

 nat enable yes
 nat deny_incoming yes
 nat use_sockets yes
 nat same_ports yes

 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
 add default HISADDR
 delete 10.0.0.2

 set filter dial 0 permit 0 0 tcp syn
 set filter dial 1 permit 0 0 udp dst eq 53

 set filter alive 0 permit 0 0 tcp estab

papchap:
 set timeout 1800
 set phone 123456789
 set authname vasya
 set authkey superpuperpassword

> default:
>  set log phase chat lcp ipcp ccp tun
>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\"
> ATE0Q0 OK \\dATDT\\T TIMEOUT 60 CONNECT"
> 
>  set device /dev/cuaa0
>  set speed 115200
>  set login
>  set redial 3 3
>  set reconnect 3 3
>  enable lqr
>  set lqrperiod 30
> 
>  nat enable yes
>  nat deny_incoming yes
>  nat use_sockets yes
>  nat same_ports yes
> 
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
>  add default HISADDR
>  delete 10.0.0.2
> 
>  set filter dial 0 permit 0 0 tcp syn
>  set filter dial 1 permit 0 0 udp dst eq 53
> 
>  set filter alive 0 permit 0 0 tcp estab
> 
> papchap:
>  set timeout 1800
>  set phone 123456789
>  set authname vasya
>  set authkey superpuperpassword
> 
> 

firewall_enable="YES"
    firewall_script="/etc/firewall/fwrules"
    natd_enable="YES"
    natd_interface="tun0"
    natd_flags="-dynamic"

# Firewall rules
    fwcmd="/sbin/ipfw"
    $fwcmd -f flush
    $fwcmd add divert natd all from any to any via tun0
    $fwcmd add allow ip from any to any via lo0
    $fwcmd add allow ip from any to any via fxp0
    $fwcmd add allow tcp from any to any out xmit tun0 setup
    $fwcmd add allow tcp from any to any via tun0 established
    $fwcmd add reset log tcp from any to any 113 in recv tun0
    $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
    $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
    $fwcmd add 65435 allow icmp from any to any
    $fwcmd add 65435 deny log ip from any to any

# ppp
# term
# atdtxxxxx
# login:****# password:*****

my_ISPs_DNS = напиши сам:)
ipfw add allow tcp from any to any via tun0 established
ipfw add allow tcp from me to any via tun0 setup
ipfw add allow log icmp from any to any
ipfw add allow udp from me to $my_ISPs_DNS 53 via tun0
ipfw add allow udp from $my_ISPs_DNS to me via tun0
ipfw add allow ip from any to any via lo0
ipfw add deny log ip from any to any 

# -- sysinstall generated deltas -- # Fri Apr  5 18:56:57 2002
# Created: Fri Apr  5 18:56:57 2002
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
firewall_enabled="YES"
firewall_script="/etc/fwscript"

my_ISPs_DNS = ns.tomsknet.ru 
ipfw add allow tcp from any to any via tun0 establishe
ipfw add allow tcp from me to any via tun0 setup
ipfw add allow log icmp from any to any
ipfw add allow udp from me to $my_ISPs_DNS 53 via tun0
ipfw add allow udp from $my_ISPs_DNS to me via tun0
ipfw add allow ip from any to any via lo0
ipfw add deny log ip from any to any 

# ipfw sh
65535 44 3748 allow ip from any to any
# nslokkup*Can't find server name for address 217.106.32.254: Timed out.*Can't find server name for address 217.106.32.254: Timed out.*Default servers are not available.

options IPFIREWALL 
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
options TCP_DROP_SYNFIN

my_ISPs_DNS = 213.59.238.11
fwcmd="/sbin/ipfw" 
$fwcmd add allow tcp from any to any via tun0 established
$fwcmd add allow tcp from me to any via tun0 setup
$fwcmd add allow log icmp from any to any
$fwcmd add allow udp from me to $my_ISPs_DNS 53 via tun0
$fwcmd add allow udp from $my_ISPs_DNS to me via tun0
$fwcmd add allow ip from any to any via lo0
$fwcmd add deny log ip from any to any

# sh /etc/fwrules (тут-то он начал чё-то делать хех)
# ipfw l
00100 allow tcp from any to any via tun0 established
00200 allow tcp from me to any via tun0 setup
00300 allow log logamount 50 icmp from any to any
00400 allow udp from me to 0.0.0.53 via tun0
65535 allow ip from any to any
#tail /var/log/security
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 out via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 in via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 out via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 in via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 out via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 in via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 out via lo0
Apr  7 15:36:09  /kernel: ipfw: 300 Accept ICMP:3.3 127.0.0.1 127.0.0.1 in via lo0
Apr  9 09:48:48  /kernel: ipfw: 300 Accept ICMP:8.0 213.210.70.142 195.230.90.26 out via tun0
Apr  9 09:48:56  last message repeated 8 times