# Test rule order processing: should fail unless nat -> filter
#match out on lo0 from 192.168.1.1 to any nat-to 10.0.0.1
#match in on lo0 proto tcp from any to 1.2.3.4/32 port 2222 rdr-to 10.0.0.10 port 22   
#match on lo0 from 192.168.1.1 to any binat-to 10.0.0.1
pass in on lo1000000 from any to any no state