Hi, you only tag the packets to port 1194 in both cases, and you are allowing only tagged packets to ports 22, 80, 443.
David

2005/11/11, Karl-Heinz Wild <[EMAIL PROTECTED]>:
> I try to tag a connection on the wan_if and
> accordingly on the tag I'll restrict the
> access on an other interface like.
>
> an example ...
>
> pass in quick on wan_if proto tcp from <nuser> to port 1194 tag NORM keep state
> pass in quick on wan_if proto tcp from <puser> to port 1194 tag POWER keep state
>
> pass in quick on tun_if to port { 80, 443 } tagged NORM keep state
> pass in quick on tun_if to port { 22, 80, 443 } tagged POWER keep state
>
> ...
>
> but I don't know why. It doesn't work.
> I thought that works.
>
> I ask for advice.
> Thanks
>
> Karl-Heinz
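
One way to get the per-group restriction discussed in this thread, as an added example that is not from either poster. It assumes port 1194 carries an OpenVPN tunnel whose decrypted traffic arrives on tun_if and that each group is given tunnel addresses from its own range (interface names, table names `<vpn_norm>`/`<vpn_power>` and all addresses are constructed), and it matches on the tunnel-side source address instead of a tag, because the tag exists only on the packets that matched the port 1194 rules.

```pf
# Added example: interface names and address ranges are assumptions.
wan_if = "em0"     # assumed external interface
tun_if = "tun0"    # assumed VPN tunnel interface

# Hosts allowed to open the tunnel (constructed documentation addresses)
table <nuser> persist { 192.0.2.10, 192.0.2.11 }
table <puser> persist { 198.51.100.20 }

# Tunnel-side addresses assigned to each group (assumed static assignment
# by the VPN server, one range per group)
table <vpn_norm>  persist { 10.8.0.0/25 }
table <vpn_power> persist { 10.8.0.128/25 }

# Default deny on the tunnel, logged so rejected attempts are visible
block in log on $tun_if all

# Outer packets: only the tunnel endpoint port is reachable from the WAN
pass in quick on $wan_if proto tcp from { <nuser>, <puser> } \
    to ($wan_if) port 1194 flags S/SA keep state

# Inner packets: these are new packets on tun_if and carry no tag,
# so the group is identified by its tunnel-side source range
pass in quick on $tun_if proto tcp from <vpn_norm> \
    to any port { 80, 443 } flags S/SA keep state
pass in quick on $tun_if proto tcp from <vpn_power> \
    to any port { 22, 80, 443 } flags S/SA keep state
```

The split only holds if the VPN server itself pins each user to an address in the right range; if clients can choose their own tunnel address, the source table is not a trustworthy group identifier.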