Recompile your kernel and add:
options IPFIREWALL_FORWARD
Add the following rule to the kernel ipfw table:
add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in
Replace <table(1)> with your desired authorized list table.
Replace <172.16.45.0/24> with your LAN's private subnet.
Replace <vr0> with the adapter connected to your LAN's private subnet.
All 'authorized' IP addresses go into table 1:
ipfw table 1 add 172.16.45.9/32
Replace <172.16.45.9/32> with the desired IP address.
To handle the Apache Nyah message without messing with your current config:
- Instruct Apache to listen on 127.0.0.2
- Set up an IP-based virtual host, whose 404 and 200 status messages are both the desired message, cuz you'll be getting a lot of strange URL requests.
<VirtualHost 127.0.0.2:80 > ErrorDocument 404 "j00 R t3h suxx0r!" ErrorDocument 200 "j00 R t3h suxx0r!" </VirtualHost>
...or something like that.