set block-policy return
set skip on lo

block log

pass out on egress from internal:network to any nat-to (egress)
pass out on egress from (egress) to any

pass in on internal from internal:network to internal
pass out on internal from internal to internal:network