I have a fairly simple ruleset and it doesn't seem to be working right for me... at least it doesn't make much sense.

========
ext_if="bge0"
int_if="bge1"

table <outside> const { 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 }
table <inside> const { 10.0.4.0/24, 10.0.5.0/24 }
table <others> const { 172.18.114.35 }

block log all label "default block"

pass in on $int_if from <inside> to any tag INSIDE keep state
pass out on $ext_if from <inside> to { !<outside>, !<others> } tagged INSIDE keep state flags S/SA
========

here is the problem, from a machine on the 10.0.5.0/24 subnet, I can connect to any IP and any port on the 10.0.3.0/24 subnet. the way the two pass rules are written, I was thinking that I would be able to connect to anything EXCEPT the subnets listed in <outside> and <others>.

what am I missing here?

thanks.
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646
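
Added example, not part of the original post: a small Python model of how pf expands the `{ !<outside>, !<others> }` list into one rule per element and then applies last-match evaluation, so a destination in one table still matches the negation of the other. The function names and the single-table alternative are assumptions made for illustration, and the model covers only the destination match of the outbound rule.

```python
import ipaddress

# Tables copied from the ruleset in the post.
OUTSIDE = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
OTHERS = ["172.18.114.35"]

def in_table(addr, table):
    """True if addr falls inside any network of the table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in table)

def expand(dst_list):
    """pf turns a { a, b } list into one separate rule per element."""
    return [("pass", negate, table) for negate, table in dst_list]

def evaluate(rules, dst):
    """Last matching rule wins (no 'quick'); 'block all' is the starting verdict."""
    action = "block"
    for act, negate, table in rules:
        # A negated entry matches when the address is NOT in the table.
        if in_table(dst, table) != negate:
            action = act
    return action

# As posted: to { !<outside>, !<others> } becomes two independent pass rules.
AS_POSTED = expand([(True, OUTSIDE), (True, OTHERS)])

# Alternative (assumption): one table holding every excluded destination,
# negated once, e.g. "to !<blocked>".
SINGLE_TABLE = expand([(True, OUTSIDE + OTHERS)])

def verdicts(dst):
    """Return (verdict as posted, verdict with the single negated table)."""
    return evaluate(AS_POSTED, dst), evaluate(SINGLE_TABLE, dst)

if __name__ == "__main__":
    # Constructed sample destinations: one per table, plus an unrelated host.
    for dst in ("10.0.3.7", "172.18.114.35", "192.0.2.10"):
        print(dst, verdicts(dst))
```
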