Hello, happy new year.

I think there is an off-by-one error in Packet Filter port ranges, for
example with an exclude boundary range: port1 >< port2

PF or pfctl does not check that port1 <= port2 and if port1 > port2 the
port range is not correct. 

For example 82 >< 80 is not the same as 80 >< 82 (but should IMO).

I've tested with these rules:

pass in quick
block out quick proto tcp from self to 94.23.254.147 port 82 >< 80
pass out quick

Then, port 81 is not filtered out.

Thanks, regards.
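
Added example, not part of the original message and not pf's own source: a small C model of the `><` range operator, assuming it is evaluated as `port1 < p && p < port2`, which is consistent with the behaviour reported above. It shows that reversed bounds match no port at all, and sketches a load-time check a rule parser could apply; all function names are hypothetical.

```c
#include <stdio.h>
#include <stdint.h>

/* Assumed model of "a >< b": match when a < p < b (bounds excluded). */
static int match_xrange(uint16_t a, uint16_t b, uint16_t p)
{
    return p > a && p < b;
}

/* Same comparison, but with the bounds put in order first. */
static int match_xrange_normalised(uint16_t a, uint16_t b, uint16_t p)
{
    if (a > b) { uint16_t t = a; a = b; b = t; }
    return match_xrange(a, b, p);
}

/* Count how many of the 65536 ports a given matcher accepts. */
static unsigned count_matches(int (*m)(uint16_t, uint16_t, uint16_t),
                              uint16_t a, uint16_t b)
{
    unsigned n = 0;
    for (uint32_t p = 0; p <= 65535; p++)
        n += m(a, b, (uint16_t)p) ? 1 : 0;
    return n;
}

/* Hypothetical load-time check: 0 = ok, -1 = reversed bounds,
 * -2 = ordered but empty (for example 80 >< 81 contains no port). */
static int check_xrange(uint16_t a, uint16_t b)
{
    if (a > b)
        return -1;
    if (b - a < 2)
        return -2;
    return 0;
}

int main(void)
{
    /* Constructed inputs taken from the rule in the report. */
    printf("80 >< 82 matches %u port(s)\n", count_matches(match_xrange, 80, 82));
    printf("82 >< 80 matches %u port(s)\n", count_matches(match_xrange, 82, 80));
    printf("82 >< 80 normalised matches %u port(s)\n",
           count_matches(match_xrange_normalised, 82, 80));
    printf("check_xrange(82, 80) = %d\n", check_xrange(82, 80));
    return 0;
}
```

A block rule whose range matches nothing never fires, so traffic falls through to the following pass rule, which is why rejecting or warning on such a range when the ruleset is loaded is the safer behaviour.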
