[EMAIL PROTECTED] wrote:
> ...
> Refer to ipstat display below.
> The packets are blocked as described above with or w/o statements 46,
> 47 48. Statements 40-48 were my
> attempt to say, "Pass in ANY packet from these trusted hosts,
> regardless of the flag being set."
> ...
> @46 pass in quick proto tcp from 123.456.70.0/26 to any flags FSRPAU/FSRPAU keep state keep frags
> @47 pass in quick proto tcp from 123.456.70.64/27 to any flags FSRPAU/FSRPAU keep state keep frags
> @48 pass in quick proto tcp from 123.456.70.96/28 to any flags FSRPAU/FSRPAU keep state keep frags

What you have said is match only packets with all of the flags FIN, SYN, RST, PSH, ACK and URG set. Or in other words, those rules will never match a packet :)

To match all packets, regardless of flags, do not specify the "flags X/Y" in the rule.

Darren
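
Added example, not part of the original thread and not IPFilter's own code: a small Python model of the "flags X/Y" test, treating it as (packet flags AND Y) == X, run over a constructed list of flag sets from an ordinary TCP session. The `S/SA` spec is included only for comparison and does not appear in the rules above; the function names and the default-mask behaviour are assumptions of this sketch.

```python
# Added example: models ipf's "flags X/Y" test as (tcp_flags & Y) == X.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
ALL_FLAGS = 0x3F


def to_bits(letters):
    """Convert a string such as 'SA' into the TCP flag bit field."""
    bits = 0
    for ch in letters.upper():
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits


def parse_flags_spec(spec):
    """Parse 'X/Y' into (value, mask); None means the rule has no flags test."""
    if spec is None:
        return 0, 0  # no flag bits examined, so every packet passes the test
    value, sep, mask = spec.partition("/")
    # Assumption: a spec written without "/Y" compares against all six flags.
    return to_bits(value), (to_bits(mask) if sep else ALL_FLAGS)


def flags_match(spec, packet_flags):
    """True if a packet carrying packet_flags satisfies the flags spec."""
    value, mask = parse_flags_spec(spec)
    return (to_bits(packet_flags) & mask) == value


# Constructed sample: flag combinations seen during a normal TCP session.
SESSION = ["S", "SA", "A", "PA", "FA", "R"]


def matched(spec):
    """Return the session packets that a rule with this flags spec would match."""
    return [f for f in SESSION if flags_match(spec, f)]


if __name__ == "__main__":
    for spec in ("FSRPAU/FSRPAU", "S/SA", None):
        print(f"{spec!s:>14}: {matched(spec)}")
```
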
