I have a machine with 4 Ethernet ports.  I want to bridge ports 3 and 
4, route between that net and the net on port 2, and NAT traffic from 
both of those to port 0's network.  In addition, I need assorted access 
controls on the traffic from the bridged net to the port 0 net.  Is it 
possible to do that with either ipfilter or pf?  (The machine currently 
runs 2.0rc5, but I'm willing to switch it to -current if that will 
help.)

		--Steve Bellovin, http://www.research.att.com/~smb