$ipfrules.="pass out {$log['pass']} route-to ( {$ifcfg['if']}{$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
$ipfrules.="pass out {$log['pass']} route-to ( {$ifcfg['if']}{$gw} ) from ({$ifcfg['if']}) to !({$ifcfg['if']}:network) keep state allow-opts label \"let out anything from firewall host itself\"\n";
$ipfrules.="pass out {$log['pass']} route-to ( {$ifcfg['if']}{$gw} ) from {$vip['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
}else{
$ipfrules.="pass out {$log['pass']} route-to ( {$ifcfg['if']}{$gw} ) from {$vip['ip']} to !".gen_subnet($vip['ip'],$vip['sn'])."/{$vip['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
$ipfrules.="pass out {$log['pass']} route-to ( {$stf}{$gwv6} ) inet6 from {$ifcfg['ipv6']} to !{$ifcfg['ipv6']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n";
$ipfrules.="pass out {$log['pass']} route-to ( {$stf}{$gwv6} ) inet6 from ({$stf}) to !({$stf}:network) keep state allow-opts label \"let out anything from firewall host itself\"\n";
if(is_array($ifcfg['vips6'])){
foreach($ifcfg['vips6']as$vip)
$ipfrules.="pass out {$log['pass']} route-to ( {$stf}{$gwv6} ) inet6 from {$vip['ip']} to !{$vip['ip']}/{$pdlen} keep state allow-opts label \"let out anything from firewall host itself\"\n";