On 2007/03/15 10:25, Ryan Corder wrote:
> On Thu, 2007-03-15 at 01:39 +0000, Stuart Henderson wrote:
> > feed the rule into "pfctl -nvf -" and see how it's expanded.
>
> basically what you would expect...
>
> pass out on bge0 from <inside> to ! <outside> ...
> pass out on bge0 from <inside> to ! <llcidr> ...

i.e.

pass out to everyone-apart-from-outside
pass out to everyone-apart-from-llcidr

This blocks only the intersection of outside and llcidr
(probably nobody).
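
The expansion discussed in this message, modelled as an added example that is not part of the original post: it evaluates the two expanded rules against sample destinations and lists the ones that get through even though they sit in one of the tables. The table contents and sample addresses are constructed, and a default-block policy and the intent "pass only to destinations in neither table" are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed table contents (assumption: the post does not list them).
TABLES = {
    "outside": [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")],
    "llcidr": [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")],
}

# Negated destination tables of the two rules shown in the pfctl output.
EXPANDED_RULES = ["outside", "llcidr"]


def in_table(name, addr):
    """True if addr falls inside any network of the named table."""
    return any(ip_address(addr) in net for net in TABLES[name])


def expanded_rules_pass(dst):
    """Each expanded rule tests its own negation independently.

    Assumes a default-block policy, so a packet is passed only if at
    least one of the pass rules matches it.
    """
    return any(not in_table(table, dst) for table in EXPANDED_RULES)


def intended_pass(dst):
    """Assumed intent: pass only destinations that are in neither table."""
    return not any(in_table(table, dst) for table in EXPANDED_RULES)


def unintended_passes(dsts):
    """Destinations the expanded rules pass although a table lists them."""
    return [d for d in dsts if expanded_rules_pass(d) and not intended_pass(d)]


# Constructed sample destinations: outside only, llcidr only, both, neither.
SAMPLES = ["192.0.2.10", "203.0.113.10", "198.51.100.10", "10.20.30.40"]

if __name__ == "__main__":
    for dst in SAMPLES:
        print(dst, "expanded:", expanded_rules_pass(dst),
              "intended:", intended_pass(dst))
    print("passed unintentionally:", unintended_passes(SAMPLES))
```
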